NASA Data Breach Exposing Employee Records

In October, hackers succeeded in breaking into an HR database and obtaining the information stored in it. The amount of information extracted is potentially significant: the compromised records cover previous and current employees from July 2006 to October 2018. An internal memo was sent Tuesday to NASA employees and published at spaceref.com.

NASA did mention that it will assist employees with identity protection services. “The agency is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure the latest security practices are followed throughout the agency,” a NASA spokesperson told Gizmodo.


Memes in Twitter can be used to inject Malware

This new malware uses Twitter to deploy Remote Access Trojans (RATs) from an image. The malware can infect vulnerable computers and collect information, take screenshots and jump to other computers to infect them as well.

Trend Micro said in a blog post that the malware listens for commands on the hacker's Twitter account. The researchers found two tweets that were used to hide a “/print” command in the image, which told the malware to take a screenshot of an infected computer. The malware then separately obtains the address of its command and control server from a Pastebin post, which tells the malware where to send the screenshots.

Malware’s code showing the Pastebin URL


6.8M Facebook Users Private Photos Exposed

The Facebook bug allowed 1,500 apps built by 800+ developers to view unposted private photos.

On Friday, Facebook disclosed that a bug in the platform enabled third-party apps to access unpublished photos of millions of users.

When you're writing a new post and upload a photo but do not finish posting it, Facebook stores it in the database as a draft. The bug gave third-party app creators access to these drafts.

Facebook has seen many other breaches; enough is enough. I’m sure there will be a class action lawsuit. I believe the reputation of Facebook has been continually tarnished by security issues and users are deeply thinking about disabling their accounts.


Top Worst Passwords Of All Time

Take security seriously. Here is a list of the top 500 worst passwords. Any password documented publicly or available on the dark web can be used in a dictionary attack. This is a form of brute-force attack for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase from hundreds or sometimes millions of likely possibilities, such as words in a dictionary.
 

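| NO | Top 1-100 | Top 101–200 | Top 201–300 | Top 301–400 | Top 401–500 |
|----|-----------|-------------|-------------|-------------|-------------|
| 1 | 123456 | porsche | firebird | prince | rosebud |
| 2 | password | guitar | butter | beach | jaguar |
| 3 | 12345678 | chelsea | united | amateur | great |
| 4 | 1234 | black | turtle | 7777777 | cool |
| 5 | pussy | diamond | steelers | muffin | cooper |
| 6 | 12345 | nascar | tiffany | redsox | 1313 |
| 7 | dragon | jackson | zxcvbn | star | scorpio |
| 8 | qwerty | cameron | tomcat | testing | mountain |
| 9 | 696969 | 654321 | golf | shannon | madison |
| 10 | mustang | computer | bond007 | murphy | 987654 |
| 11 | letmein | amanda | bear | frank | brazil |
| 12 | baseball | wizard | tiger | | |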

DuckDuckGo better than Google for privacy

#1 — Google tracks you. DuckDuckGo Doesn’t

You share your most intimate secrets with your search engine without even thinking: medical, financial and personal issues, along with all the day to day things that make you, well, you. All of that personal information should be private, but on Google it’s not. On Google, your searches are tracked, mined, and packaged up into a data profile for advertisers to follow you around the Internet through those intrusive and annoying ever-present banner ads, using Google’s massive ad networks, embedded across millions of sites and apps.

In fact, it’s a myth that you need to track people to make money in web search. When you search ‘car’ they can show you a car ad without knowing anything about you. That’s how they make money and it doesn’t involve tracking because it is based on the keyword and not the person. Google could …


Mac Malware Injects Ads Into Encrypted Traffic

A newly discovered malware infection targets macOS devices. Malwarebytes security researchers say it is able to inject ads into encrypted web traffic.

This malware is called OSX.SearchAwesome. It is delivered by a malicious installer that arrives as an app downloaded using a torrent file. The malware installer looks like a disk image file but doesn’t have the usual icon art that is used to make it look legitimate.

When the malware is launched, the image file silently installs the payload and then asks the user to authorize changes to the Certificate Trust Settings and to allow a component called spi to modify the network configuration. This then allows the malware to inject itself into network traffic.

Windows Tutorials

How To Fix RDP Connection Was Denied

Learn how to troubleshoot and resolve the “RDP connection was denied” error. Fix issues preventing remote desktop access with simple steps and solutions.

RDP connection was denied: how do you allow an end user to connect remotely to the computer?

The connection was denied because the user account is not authorized for remote login.
  1. Right-click My Computer, and select Properties.
  2. Select the Remote tab.
  3. If not already done: Select “Allow users to connect remotely to this computer.”
  4. Click “Select Users” if you want to add a non-Administrator user.
  5. Click Add.
  6. Select or type the user in question, and click OK.
  7. Click OK to close the Remote Desktop Users dialog box.
  8. Click OK to close the main dialog box.

To Open RDP to Public:

  1. Allow port 3389 through Windows Firewall or your AV firewall.
  2. You will also have to allow port 3389 through your physical firewall / router.
  3. If default port changed the

Marriott Data Breach hits 500 million Starwood Guests

Marriott Data Breach hits 500 million Starwood guests. During the investigation, it was said that there had been unauthorized access to the Starwood network since 2014. The information copied from the Starwood guest database over all this time comprised names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest (“SPG”) account information, dates of birth, gender, arrival and departure information, reservation dates, and communication preferences.

Starwood brands include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.

 

 



Attempted Breach on DELL EMC Network

There was an attempted breach targeting DELL EMC customers who use Dell.com. The company has been urging customers to change their passwords. Dell cybersecurity teams are still not sure how hackers got access to the information on the website, or whether it was due to vulnerabilities or other causes. But it was said that they took proper measures to mitigate any further attacks.

 

Dell Announces Potential Cybersecurity Incident

ROUND ROCK, Texas, Nov. 28, 2018 – Dell is announcing that on November 9, 2018, it detected and disrupted unauthorized activity on its network attempting to extract Dell.com customer information, which was limited to names, email addresses and hashed passwords. Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted. Additionally, Dell cybersecurity measures are in place to limit the impact of any potential exposure. These


Hackers Breach Dunkin’ Donuts Accounts

On Tuesday, Dunkin’ Donuts posted an advisory on its website regarding a credential stuffing attack on the company's data.

What does credential stuffing mean?

Credential stuffing is a term related to a specific type of hacking that secures user credentials by breaching a system, and then attempts to use those credentials with other systems. Like other kinds of related hacking, credential stuffing attacks rely on hackers being able to get into a network and take out sensitive user information such as passwords and usernames.

Dunkin Brands Inc. (“Dunkin’”) is writing to provide you with information regarding a recent incident involving your DD Perks account. Although Dunkin’ did not experience a data security breach involving its internal systems, we’ve been informed that third-parties obtained usernames and passwords through other companies’ security breaches and used this information to log into some Dunkin’ DD Perks accounts. One of these may have been …
