ugotag.com  
  

COMPUTER SECURITY

Interesting videos and articles about hacking, computer security, and innovative ways of controlling technology.
 
videos
VIDEO

You’re Probably Not Red Teaming... And Usually I’m Not, Either

In a world where it seems everyone and their dog is doing “penetration testing” nowadays, many individuals have started attempting to distinguish themselves by referring to their work as “red teaming.” Heck, that’s wound up in some bios which have been written for me in the past. However, this ...
 
 
videos
VIDEO

BSides Nashville 2018 Red 00 Blue Cloud of Death Red Teaming Azure Bryce Kunz

Hacking AWS, Azure and IaaS infrastructure from BSides Nashville.
 
 
ARTICLE  


Uber To Obscure Rider's Trip Details From Drivers

Uber announced its intention to obscure riders' trip history from drivers. Currently, the ride-sharing app provides drivers with a detailed trip history of riders. The change is part of a set of changes Uber is making to comply with the European Union's new General Data Protection Regulation (GDPR).
 
 
videos
VIDEO

Hackers Reveal How They Make Money Breaking Into Companies | Inc.

TrustedSec founder David Kennedy has built a successful company around white hat hacking. His team is hired to test companies' security weakness -- by figuring out how to break into them. Hosted by Gerard Adams. Chris Beier | Executive Producer Will Yakowicz | Producer Maxwell Mueller | As...
 
 
videos
VIDEO

BG - Pacu: Attack and Post-Exploitation in AWS - Spencer Gietzen

Pacu: Attack and Post-Exploitation in AWS - Spencer Gietzen Breaking Ground BSidesLV 2018 - Tuscany Hotel - Aug 08, 2018
 
 
videos
VIDEO

GSM Phone on a Conference Badge - Computerphile

The Electromagnetic Field Festival (EMF Camp) happens every two years - as an event for makers and those interested in tech, their conference badges are a bit special... Freelance PCB designer Matt Lloyd takes us through Tilda Mk.4 (delta)
 
 
ARTICLE  


Monero Mining Trojan Written in AutoHotKey

A polymorphic parasitic cryptominer written in the AutoHotKey scripting language has been spotted by Trend Micro. The trojan joins a command and control network and mines for the Monero cryptocurrency.
 
 
videos
VIDEO

DEF CON 15 - Moore and Valsmith - Tactical Exploitation

HD Moore & Valsmith: Tactical Exploitation Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and obscure techniques, I will walk through ...
 
 
videos
VIDEO

How Israel Rules The World Of Cyber Security, VICE on HBO, Full Episode

U.S. intelligence agencies accuse Russia of hacking the 2016 presidential election, and Ben Ferguson travels to Tel Aviv to find out how Israel is on its way to becoming the world's top cyber superpower.
 
 
videos
VIDEO

GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs

This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to expl...
 
 
ARTICLE  


Exploit for Nintendo Switch bootROM

A newly published chain of exploits for the Nvidia Tegra X1 chip used in the Nintendo Switch has been released by the hacking team at ReSwitched.
 
 
videos
VIDEO

An Attacker Looks at Docker: Approaching Multi-Container Applications

The goal of this talk is to provide a penetration tester experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. By Wesley McGrew
 
 
videos
VIDEO

Cicada 3301: An Internet Mystery

In this video I explore an elaborate cryptographic internet puzzle orchestrated by a mysterious individual or group known as Cicada 3301.
 
 
ARTICLE  


Rarog Parasitic Cryptocurrency Mining Trojan

Palo Alto's Unit42 has released an analysis of the Rarog parasitic cryptocurrency miner trojan. The trojan parasitically mines the Monero cryptocurrency and sells for 6,000 Rubles.
 
 
ARTICLE  


Orangeworm Hacker Group Targeting Healthcare

Symantec has dubbed a malicious actor group responsible for infecting healthcare organizations "Orangeworm". According to Symantec, the malware was found on X-Ray and MRI machines.
 
 
ARTICLE  


Internet Explorer Zeroday Attack Discovered by Qihoo 360

Security researchers from the Chinese security firm Qihoo 360 claim to have identified a zero-day APT attack against Internet Explorer. The researchers claim the attack uses a public UAC bypass, reflective DLL loading, fileless execution, and steganography.
 
 
ARTICLE  


Drupalgeddon2: Drupal Servers Under Attack by At Least Three Groups

Security researchers are saying that at least three groups are targeting the "Drupalgeddon2" (CVE-2018-7600) vulnerability in the Drupal content management system.
 
 
ARTICLE  


2018 RSA Conference Exposes 114 Attendees

The app used at the 2018 RSA Conference was found to expose user data according to "svbl". The conference organizers confirmed that 114 first and last names of RSA Conference Mobile App users were publicly accessible.
 
 
ARTICLE  


IIS Vulnerability Used to Mine Electroneum Cryptocurrency

Attackers use an IIS flaw to parasitically cryptomine the Electroneum mobile-based cryptocurrency. The attack exploits the CVE-2017-7269 flaw in IIS to install the XMRig cryptominer via the "Squiblydoo" technique.
 
 
ARTICLE  


PowerHammer Exfiltrates Data from Power Lines

The group of researchers responsible for BitWhisper and MAGNETO have released a method to exfiltrate data via power lines - PowerHammer.
 
 
ARTICLE  


YouTube Videos Defaced with Political Message

The BBC is reporting that YouTube videos have been defaced with "Free Palestine" messages. Some of the artists affected include Shakira, Selena Gomez, Drake and Taylor Swift.
 
 
ARTICLE  


"Mastermind" Behind Fin7 Credential Theft Gang Arrested

Fin7 (AKA Carbon Spider, Cobalt Spider, Carbanak) mastermind arrested in Spain. The hacking group is said to be behind breaches like SAKS Fifth Avenue, Omni Hotels, Trump Hotels, Whole Foods, and Chipotle.
 
 
BLOG  


Verge Cryptocurrency Under 51% Attack Due to Timestamp

There is a reported >51% attack on the Verge (XVG) cryptocurrency due to a bug in the timestamp handling code. The attack is said to have resulted in the theft of between 250000 and 3.9 million coins, depending on whose numbers you take.
 
 
BLOG  


Monero Miner Hiding as Scarlett Johansson Image

A malicious cryptominer attack disguising itself as a Scarlett Johansson Image has been discovered.

The attack targets PostgreSQL servers and analyzes the victim's GPU prior to installing the Monero Cryptominer.
 
 
BLOG  


New Samples of "Hacking Team"'s "Remote Control System" in Wild

ESET has discovered new versions of the "Hacking Team"'s "Remote Control System".

The spyware vendor gained notoriety for selling surveillance tools to governments and their agencies across the world.

The capabilities of Remote Control System include extracting files, intercepting email and IM and monitoring camera and microphone.
 
 
BLOG  


Details of Artificial Intelligence Threat Detection from Microsoft Windows Defender Research

Microsoft highlights its use of Artificial Intelligence (AI) and Machine Learning (ML) to detect a February 3, 2018 outbreak of the Emotet virus. Its use of gradient boosting, ensemble models, feature vectors, and client-side and cloud machine learning models is discussed.
 
 
BLOG  


ComboJack Malware Redirects Cryptocurrency Payments

A strain of malware has been found to monitor clipboards for cryptocurrency payment addresses, swapping them for addresses controlled by the malware author.

The development follows the behavior of the CryptoShuffler malware discovered by Kaspersky in October 2017.
 
 
BLOG  


SGXPECTRE: Exposing Data From Intel Software Guard eXtensions (SGX) Enclaves

Researchers from Ohio State University announced an attack to expose data from Intel's Software Guard eXtensions (SGX) Enclaves.

Though the attack is different in implementation from the previous Meltdown and Spectre vulnerabilities, the information retrieval from protected areas of Intel chips is similar, so the attack has been dubbed SGXPECTRE.
 
 
BLOG  


Github, Dropbox and Google Used to Deliver ShortJSRAT

Cloud security vendor Netskope released an analysis of a ShortJSRAT infection chain that uses a Google URL shortener link, as well as Dropbox and Github payload storage.

The use of cloud infrastructure is designed to aid in attack resilience, and help make the attack difficult to detect.
 
 
BLOG  


Cryptomining Behind Most Remote Code Execution Attacks

Cyber security firm Imperva claims in a February 20, 2018 blog post that the goal of 90 percent of remote code execution attacks in December 2017 was to install cryptomining malware, or cryptojackers.

Many of the cryptominers are mining Monero as it can be mined with a regular CPU.

 
 
BLOG  


Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability

A stack overflow in Acrobat Reader's handling of the Document ID field has been announced. The vulnerability can be exploited via a JavaScript form in an attack PDF.
 
 
BLOG  


Business Email Compromise Attacks Actively Targeting Fortune 500 Companies

Business Email Compromise (BEC) attacks involve forgoing malware attachments, instead using spam messages to target the user.

The goal of Business Email Compromise attacks is to harvest credentials for further attack, or to trick the recipient into initiating a money transfer.
 
 
BLOG  


Exposed Cloud Storage Buckets Leak Private Data and Open to Ransomware Attack

The BBC is reporting that security researchers have been posting warning messages in exposed Amazon buckets. Exposed buckets have played a role in data leaks from Uber, Verizon, the WWE, Booz Allen Hamilton, and Dow Jones in the last 18 months.

Kevin Beaumont added that these exposed buckets are a ransomware attack waiting to happen.
 
 
BLOG  


Internet Explorer exposed via Microsoft Word's Online Video feature

Researchers at Votiro have discovered that Microsoft Word's Online Video feature actually spawns an encapsulated iexplore.exe process.

This means that a user opening a Word document and intending to watch an embedded video could expose themselves to a variety of Internet Explorer exploitive and cryptojacking type attacks accessed via JavaScript.
 
 
BLOG  


Deep Neural Networks for Bot Detection

Researchers have used contextual long short-term memory (LSTM) and deep neural networks to detect bots at the tweet level using both content of the message and metadata about the user.
 
 
BLOG  


Google Finds Fundamental Bypass Technique in Microsoft Edge

Google Project Zero has disclosed a way to bypass the Arbitrary Code Guard (ACG) found in Microsoft Windows 10 via the Edge browser.

The attack involves predicting which address the JIT process is going to call VirtualAllocEx().
 
 
BLOG  


Security Flaw in Skype Grants Attacker System-level Access

Security researcher Stefan Kanthak discovered that the Skype updater could be exploited with DLL hijacking, allowing the attacker to execute a malicious DLL rather than the correct one.
 
 
BLOG  


Details of AI Threat Detection from Microsoft Windows Defender Research

Microsoft highlights its use of Artificial Intelligence (AI) and Machine Learning (ML) to detect a February 3, 2018 outbreak of the Emotet virus. Its use of gradient boosting, ensemble models, feature vectors, and client-side and cloud machine learning models is discussed.
 
 
BLOG  


Olympic Destroyer Malware Attempts to Shut Down Pyeongchang Games

Researchers at Cisco have discovered that the malware responsible for disrupting the Pyeongchang Olympic Games opening ceremony contained browser credential stealers and disk wipers.
 
 
BLOG  


Hacker Group Runs Debian Linux on Nintendo Switch

Hacker group fail0verflow claims it has found a way to run Debian Linux on the Nintendo Switch. According to fail0verflow, there is a flaw in the Nvidia Tegra X1 system-on-a-chip boot ROM. Since the boot ROM is stored on the read only chip at manufacture time, there is no way for Nintendo or Nvidia to patch the vulnerability.
 
 
BLOG  


Cyber Attacks Targeting Pyeongchang Olympics in Korea Have Begun

Cyber attacks against organisations involved in the Pyeongchang Olympics have begun, according to McAfee. The attack, dubbed Gold Dragon, installs fileless implants with the goal of data exfiltration. The attack specifically targets Korean language users and the Hangul word processor, which is common in Korea.
 
 
BLOG  


CrossRAT targets OSX, Linux, and Windows

CrossRAT allows the attacker to take screenshots and run arbitrary programs.
 
 
BLOG  


OilRig IIS Backdoor found on Middle Eastern gov, fin, and edu computers.

Researchers at Palo Alto Networks found an IIS backdoor called RGDoor installed on government, financial, and educational web servers with the intent of providing access if the main backdoors are removed.
 


