Notices tagged with infosec, page 6

Google Play–more than 200 apps contain "SimBad" adware, downloaded more than 150 million times:

https://techcrunch.com/2019/03/13/new-android-adware-google-play/

– the malware masquerades as an ad-serving platform
– SimBad is mostly contained in free games
– list of infected apps: https://assets.documentcloud.org/documents/5766854/SimBad-AppList-Package.txt

#simbad #malware #adware #android #google #googleplay #infosec #cybersecurity #security

WordPress 5.1–critical exploit chain that enables an unauthenticated attacker to gain remote code execution on any WordPress installation:

https://blog.ripstech.com/2019/wordpress-csrf-to-rce/

– exploit is possible due to a CSRF vulnerability in comment forms
– fixed in WordPress 5.1.1

#wordpress #rce #csrf #wordpress5 #infosec #cybersecurity #security

~=8 Character Passwords Are Dead=~

New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).

This means that the entire keyspace, or every possible combination of:
- Upper
- Lower
- Number
- Symbol

...of an 8 character password can be guessed in:

~2.5 hours

(8x 2080Ti GPUs against NTLM Windows hash)

#Hacking #Infosec

Security question for #php #wordpress #infosec people: Is WordPress so insecure because its huge market share makes it a prime target for exploits, or is it insecure because PHP is just such an easily exploitable dumpster fire of a language?

Signal Desktop doesn't come in native flavours due to "time and money constraints":
https://github.com/signalapp/Signal-Desktop/issues/2178#event-1599168072

Uh-huh...
https://www.engadget.com/2018/02/22/signal-messenger-50-million-whatsapp-cofounder/

Right. #InfoSec

@aral Debian *really* needs to enable HTTPS repos by default. Enough is enough. #InfoSec

Parrot OS 4.5 released:

https://www.parrotsec.org/blog/parrot-4-5-release-notes/

– Parrot is 64bit only now
– new Docker templates introduced
– based on Linux 4.19
– contains Metasploit 5.0

#parrot #os #pentesting #security #infosec #cybersecurity #metasploit

Most consumer routers don't make use of modern security features of Linux:

https://cyber-itl.org/assets/papers/2018/build_safety_of_software_in_28_popular_home_routers.pdf (PDF file)

– 28 popular routers don't make use of ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention), RELRO (RELocation Read-Only), and stack guards
– report contains Asus, D-Link, Linksys, Netgear, Synology, TP-Link, and Trendnet routers

#router #security #infosec #cybersecurity #aslr #dep #relro #linux #stack

For new users here are my interests just incase you have the same interests: ( This is my Authoring account, I often boost too @codeawayhaley )

#lgbt
#feminism
#anarchism
#communism
#antifascism
#medicine
#neuroscience
#neuroinformatics / #bioinformatics
#psychology
#mentalhealth
#unix
#infosec
#machinelearning / #artificialinteligence
#meteorology
#TropicalCyclones / #Typhoons / #Hurricanes
#vulcanology
#geology
#neurodiversity
#autism

Nearly 19,500 Orange LiveBox ADSL modems are leaking WiFi credentials:

https://www.zdnet.com/article/over-19000-orange-modems-are-leaking-wifi-credentials/

– vulnerability (CVE-2018-20377) allows a remote attacker to obtain the WiFi password and SSID for the modem's internal WiFi network just by accessing the modem's get_getnetworkconf.cgi
– nearly all modems are located in France and Spain
– see also https://github.com/zadewg/LIVEBOX-0DAY

#modem #adsl #orange #livebox #vulnerability #infosec #cybersecurity #security