New Behave! extension warns of website port scans, local attacks

From bleepingcomputer.com

A new browser extension called Behave! will warn you if a web site is using scripts to perform scans or attacks on local and private IP addresses on your network.

When browsing the web, scripts embedded on web pages can be used to not only port scan a visitor’s computer for open TCP ports, but also initiate attacks on other devices on your network.

In May, it was discovered that well-known sites such as eBay, Citibank, TD Bank, and more would port scan a visitor’s computer to identify Windows remote access programs running on it.

Read more…

FastNetMon Community – Very Fast DDoS Analyzer With Sflow/Netflow/Mirror Support

From www.kitploit.com

FastNetMon – A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFlow, AF_PACKET, SnabbSwitch, netmap, PF_RING (obsoleted), PCAP).

What do we do?
We detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows, per second and perform a configurable action to handle that event. These configurable actions include notifying you, switching off the server, or blackholing the client.
A flow is one or more ICMP, UDP, or TCP packets which can be identified via their unique src IP, dst IP, src port, dst port, and protocol fields.

Integration with flow systems
At a very high level, integration with FastNetMon is fairly simple. In both cases the workflow is the same, the main difference being the port numbers provided. The port numbers are configurable.

Read more…

E-Verify’s “SSN Lock” is Nothing of the Sort

From securityboulevard.com

One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online.

Read more…

After a second stage failure, Rocket Lab loses seven satellites

From arstechnica.com

The Pics Or It Didn't Happen mission lifts off.

On Sunday morning, local time in New Zealand, Rocket Lab launched its 13th mission. The booster’s first stage performed normally, but just as the second stage neared an altitude of 200km, something went wrong and the vehicle was lost.

In the immediate aftermath of the failure, the company did not provide any additional information about the problem that occurred with the second stage.

Read more…

Critical RCE Flaw with F5 Let Remote Attackers Take Complete Control of the Device

From gbhackers.com

Critical security vulnerabilities discovered in the F5 BIG-IP application delivery controller (ADC) let remote attackers run commands and compromise the system.

The BIG-IP application delivery controller (ADC) is used to handle application traffic and secure your infrastructure.

Based on a Shodan search, more than 8,000 vulnerable devices are reachable from the internet worldwide: more than 40% in the United States, 16% in China, 3% in Taiwan, and 2.5% in Canada and Indonesia.

Read more…

Canadian Furious Beaver: tool for hijacking IRPs handler in Windows drivers

From securityonline.info

Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts:

  1. the “Broker” combines both a user-land agent and a self-extractable driver (IrpDumper.sys) that will install itself on the targeted system. Once running it will expose (depending on the compilation options) a remote named pipe (reachable from \\target.ip.address\pipe\cfb), or a TCP port listening on TCP/1337. The communication protocol was made to be simple by design (i.e. not secure) allowing any 3rd party tool to dump the driver IRPs from the same Broker easily (via simple JSON messages).
  2. the GUI is a Windows 10 UWP app made in a ProcMon-style: it will connect to wherever the broker is, and provide a convenient GUI for manipulating the broker (driver enumeration, hooking and IRP capturing). It also offers facilities for forging/replaying IRPs, auto-fuzzing (i.e. applying specific fuzzing policies on each IRP captured), or extracting IRPs in various formats (raw, as a Python script, as a PowerShell script) for further analysis. The captured data can be saved on disk in an easily parsable format (*.cfb = SQLite) for further analysis, and/or reloaded afterward in the GUI.

Read more…

Spyse – A Cybersecurity Search Engine For Pentesters

From gbhackers.com

Spyse is a cybersecurity search engine that has caught the attention of many pentesters due to its unique data-gathering design. Most services offer scanning tools, and Spyse places itself on a different tier by combining those tools into a search engine. 

Read more…