Tag Archive for: Kali

Week in review: Kali Linux gets on Linode, facial recognition defeated, Log4j exploitation

/in


Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Dealing with threats and preventing sensitive data loss
Recently, Normalyze, a data-first cloud security platform, came out of stealth with $22.2M in Series A funding. This was the perfect time to catch up with co-founder and CEO Amer Deeba. In this interview with Help Net Security, he talks about the path data security as well as visibility challenges.

Who are the best fraud fighters?
Seasoned fraud expert PJ Rohall has recently become the new Head of Fraud Strategy & Education at SEON. In this Help Net Security interview, he talks about how he entered the industry, about the evolving fraud landscape, and offers advice to other fraud fighters.

Linode + Kali Linux: Added security for cloud instances
Kali Linux, the popular open source Linux distribution specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers.

Researchers defeat facial recognition systems with universal face mask
Can attackers create a face mask that would defeat modern facial recognition (FR) systems? A group of researchers from from Ben-Gurion University of the Negev and Tel Aviv University have proven that it can be done.

Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)
The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS).

Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud
A massive phishing campaign has been targeting Office 365 (i.e., Microsoft 365) users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication (MFA) set up to protect the accounts.

PayPal-themed phishing kit allows complete identity theft
Sometimes phishers are just after your username and password, but other times they are after every scrap of sensitive information they can extract from you. To do that, they use tools like the phishing kit recently analyzed by Akamai researchers.

How to…

Source…

Remote Command Execution Explained and Demonstrated!

/in



Week in review: Kali Linux 2022.1 released, attackers leveraging Microsoft Teams to spread malware

/in


Week in review

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Kali Linux 2022.1 released: New tools, kali-linux-everything, visual changes
Offensive Security has released Kali Linux 2022.1, the latest version of its popular open source penetration testing platform.

DDoS attacks knock Ukrainian government, bank websites offline
Unknown attackers have mounted disruptive distributed denial-of-service (DDoS) attacks against several Ukrainian government organizations and state-owned banks.

Attackers use Microsoft Teams as launchpad for malware
Hackers are starting to realize that Microsoft Teams is a great means of spreading tentacles throughout an organization’s systems; since the start of the year, Avanan has been seeing hackers increasingly dropping malware in Teams conversation.

Open banking innovation: A race between developers and cybercriminals
In this interview with Help Net Security, Karl Mattson, CISO at Noname Security, explains the wide usage of open banking and how it can easily be exploited if adequate security measures are not implemented.

Online fraud skyrocketing: Gaming, streaming, social media, travel and ecommerce hit the most
An Arkose Labs report is warning UK commerce that it faces its most challenging year ever. Experts analyzed over 150 billion transaction requests across 254 countries and territories in 2021 over 12 months to discover that there has been an 85% increase in login attacks and fake consumer account creation at businesses.

Qualys Context XDR: Bringing context to an organization’s security efforts
In this interview with Help Net Security, Jim Wojno, Senior Director of XDR at Qualys, explains the advantages of using Qualys Context XDR and how it can provide clarity through context.

The importance of implementing security scanning in the software development lifecycle
Veracode published a research that finds most applications are now scanned around three times a week, compared to just two or three times a year a decade ago. This represents a 20x increase in average scan cadence between 2010 and 2021.

How QR code ease of use has broaden the attack surface
In this interview with Help Net Security, Neil Clauson,…

Source…

Week in review: Kali Linux 2021.3, how to avoid cloud configuration breaches, hybrid digital dexterity

/in


Here’s an overview of some of last week’s most interesting news, articles and interviews:

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)
Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in attacks in the wild.

Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more!
Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it.

CVE-2021-40444 exploitation: Researchers find connections to previous attacks
The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been delivering custom Cobalt Strike payloads, Microsoft and Microsoft-owned RiskIQ have shared.

Microsoft announces passwordless authentication option for consumers
After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users.

Third-party cloud providers: Expanding the attack surface
In this interview with Help Net Security, Fred Kneip, CEO at CyberGRX, talks about the lack of visibility into third-party risk, how to address this issue, and what companies should consider when choosing the right cloud provider.

Only 30% of enterprises use cloud services with E2E encryption for external file sharing
A recent study of enterprise IT security decision makers conducted by Tresorit shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer, however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology.

Mobile app creation: Why data privacy and compliance should be at the forefront
In today’s mobile app landscape, providing customers with the most tailored and personal experience possible is essential to edging out competitors….

Source…