773M Credentials Found on the Dark Web

A database called Collection #1, containing 773 million breached email addresses, has been found on an underground hacking forum. To date, this is the largest sum of compromised accounts this year.

The database totals 87GB of data. It was seen hosted on the MEGA cloud service but was instantly removed after it was discovered. The data was split into 12,000 separate text files under a folder called “Collection #1”. Even after the database was removed from MEGA, it instantly turned up on the Dark Web.

Check Your Email Addresses and Passwords in HIBP

Please do yourself a favor and go to https://haveibeenpwned.com/. This website will allow you to search a database hosted by HIBP that contains all the emails and unique passwords that have ever been leaked onto the dark web.


SonicWall Tutorials

Fix slow internet speed with Intel Wireless-AC 7265 – 8265 when SonicWall VPN enabled

This fixes slow internet speed with the Intel Wireless-AC 7265 – 8265 when the SonicWall VPN software is enabled, even when it is not connected to the VPN destination. There is a glitch with the SonicWall GVC 4.9 software running on Windows 10 version 1803: when the software is enabled, download speeds on the Intel Dual Band Wireless-AC 7265 – 8265 are super slow. To fix this issue, you will need to obtain SonicWall GVC (Global VPN Client) version 5.0. You can do this by opening a support ticket and requesting the installer, or by downloading it from the provided link.


Fortnite Hacked Via Insecure Single Sign-On

Looks like there was a single sign-on vulnerability in Fortnite that could have let hackers break into millions of accounts and steal their virtual assets. On Wednesday, researchers at Check Point found the vulnerability, which is tied to the way single sign-on (SSO) works between PlayStation Network, Xbox Live, Nintendo, Facebook and Google and the Epic Games server. The attacker could create a malicious link using a legitimate Epic Games sub-domain to trigger the attack. I’m sure they will be on top of PR and protecting the brand. Every game is just a game and can be replaced. Best of luck, Fortnite.…

Bluehost and other web hosting company sites found to be full of flaws

Independent researcher and bug hunter Paulos Yibelo has identified four vulnerabilities at the web-hosting platform Bluehost, which was found to contain multiple account takeover and information leak vulnerabilities. One of these is a “High” severity information leak through CORS misconfigurations that could allow attackers to steal personally identifiable information, partial payment details and tokens that can give access to hosted WordPress, Mojo, SiteLock and others.

The site is also vulnerable to account takeover because of improper JSON request validation (CSRF), to man-in-the-middle attacks due to improper validation of the CORS scheme, and to cross-site scripting on my.bluehost.com, according to Yibelo’s recent blog post.

Yibelo tested four other web hosting companies and also found cross-site scripting and information disclosure vulnerabilities in DreamHost, information disclosure among other vulnerabilities in HostGator and OVH, and account takeover and other vulnerabilities in iPage.…

The Best Computer Maintenance Checklist

If you are looking for the Best Computer Maintenance Checklist, look no further. This checklist will keep your company’s laptops and desktops in top condition. A regular computer maintenance checklist can help you and your IT department tune up computers when your team is in the office, and even provide guidelines to your end users on how to take better care of their machines. Here is the best ten-point checklist.

  1. Anti-virus: Install an anti-virus and malware protection program. Run a full scan on the computer at the initial installation to identify and remove any existing problems on the system.
  2. Backup: Choose and install an automated backup program like CrashPlan that connects the computer to a storage program in the cloud. Define which files need to be backed up and automate a schedule for daily backups whenever the computer is connected to the internet.
  3. Passwords: Improve your network’s security by setting

How to Enable Windows Sandbox

The Windows Sandbox provides an isolated desktop where you can run software that might compromise your current Windows environment. Every time Windows Sandbox is started, you will be presented with a clean installation of Windows, meaning no files are preserved from the previous session.

Enable Windows Sandbox

Here are a few details to check before you can use Windows Sandbox. You must be running Windows 10 (build 18305 or later) 64-bit Pro or Enterprise SKUs, with at least 4GB of RAM, virtualization capabilities enabled in the BIOS, 1GB of free disk space, and at least 2 CPU cores.

Windows Sandbox is a built-in Windows feature which you can enable from the Control Panel.

  • Open the Control Panel.
  • Click Programs.
  • Under Programs and Features, click Turn Windows features on or off.
  • Give consent or provide an administrator password in the UAC prompt.
Enable Windows Sandbox in Windows 10 build 18305 (Image Credit: Microsoft)

Hacker Group TA505 Ramping Up Their Trickery

Hacker group TA505 are cyber criminals through and through; they are the bunch that brought you the Locky ransomware. TA505 have decided to go after more US companies, so get ready for more phishing attacks.

These phishing attacks will be tailored specifically to their targets, so watch out for tricky emails containing attachments like Word documents, Excel files and PDFs.

  1. Don’t open an attachment unless you know who it is from & are expecting it.
  2. Be cautious about email messages that instruct you to enable macros before downloading Word or Excel attachments. 
  3. Read More Email Security Tips

 

These attachments will have RAT payloads containing a macro that deploys the AMMYY remote software to the computer without the end user knowing. This then allows the attackers to remotely access your computer and install cryptocurrency miners. These miners are less noticeable to the user because it uses …

Facebook Toolkit Awesome Automation.

I needed to automate some of these Facebook tasks and I’m sure some of you want to do the same: auto-adding people, auto-messaging, auto-accepting requests and a few others. After looking around for a bit I ran into something quite cool to automate certain tasks in FB. It’s a plugin by PlugEx called Toolkit For FB. This plugin is only for Google Chrome, so make sure you have that installed.

Click all like buttons

  • This tool will allow you to like multiple posts on Facebook.

Accept or reject all friend requests

  • This tool will allow you to accept or reject multiple Facebook friend requests.

Click all poke buttons

  • This tool will allow you to poke multiple friends on Facebook.

Click all add friend buttons

  • This tool will allow you to send friend requests to multiple people.

Click all share buttons

  • This tool will allow you

Lean Six Sigma Implementation in IT Operations

Lean Six Sigma has been around for quite some time and is now starting to be used more often in IT Operations to provide ITSM success. Implementing Lean Six Sigma in daily IT Operations has, for the most part, proved fruitful for companies because the strength of Six Sigma lies in its data-driven approach. It has helped minimize project duration, and the Lean Six Sigma framework can be used by IT professionals to meet challenges and find solutions for tomorrow.

Lean Six Sigma is a defect reduction methodology that can transform organizations to focus on the quality of the customer experience. Lean Six Sigma aims to measure and improve both internal processes, such as network speed and reliability, and line-of-business processes in which IT has a role.

 

In this challenging world, IT and the management of information must be handled with care and …

Adobe Pushed Emergency Patches For Two Critical Flaws.

Adobe has pushed out security updates for two critical vulnerabilities. Adobe Acrobat and Reader for Windows and Mac are affected.

The flaw reported by Apelt is identified as CVE-2018-16011 and is a bug that can lead to arbitrary code execution. An attacker can exploit the flaw by tricking an end user into clicking a PDF file, which would execute a script with the privileges of the currently logged-in user.

The last vulnerability, discovered by Hariri and identified as CVE-2018-19725, is a security bypass flaw that could result in privilege escalation.

Contact your IT leaders and make sure your software is updated. Some of you may already have the software set to auto-update, or you can try to update the software yourself by opening Adobe Acrobat or Reader and clicking Help > Check for Updates.

More resources for downloads.
