Baanboard.com

Go Back   Baanboard.com > News > RSS Newsfeeds > Sources

User login

Frontpage Sponsor

Main

Google search


Poll
How big is your Baan-DB (just Data AND Indexes)
0 - 200 GB
14%
200 - 500 GB
31%
500 - 800 GB
3%
800 - 1200 GB
7%
1200 - 1500 GB
10%
1500 - 2000 GB
14%
> 2000 GB
21%
Total votes: 29

Baanboard at LinkedIn


Reference Content

 
SANS Internet Storm Center
Syndicate content SANS Internet Storm Center, InfoCON: green
SANS Internet Storm Center - Cooperative Cyber Security Monitor
Updated: 32 weeks 1 day ago

Reminder: Beware of the "Cloud", (Sat, Mar 3rd)

March 3, 2018 - 11:57am
Today, when you buy a product, there are chances that it will be “connected” and use cloud services for, at least, one of its features. I’d like to tell you a bad story that I had this week. Just to raise your awareness... I won’t mention any product or service because the same story could append with many alternative solutions and my goal is not to blame them.
Categories: Security

Common Patterns Used in Phishing Campaigns Files, (Fri, Mar 2nd)

March 2, 2018 - 10:31am
Phishing campaigns remain a common way to infect computers. Every day, I'm receiving plenty of malicious documents pretending to be sent from banks, suppliers, major Internet actors, etc. All those emails and their payloads are indexed and this morning I decided to have a quick look at them just by the name of the malicious files. Basically, there are two approaches used by attackers:
Categories: Security

Why Does Emperor Xi Dislike Winnie the Pooh and Scrambled Eggs?, (Thu, Mar 1st)

March 1, 2018 - 3:20pm
   China made big news last week by amending its constitution to allow President Xi to stay in power beyond the normal 10 years. While the move found great support from the Chinese party elite appointed by Xi, others in China are not all that happy about Xi being given powers not attained by anybody in China since Mao. The Chinese censors have long had a pretty tight grasp on social media in the country in order to curb any dissent.  For example, Chinese censors in cooperation with service providers in China have used automated tools that eliminate certain key terms from social media discussions. But we all know that signature-based filtering of “known bad words” is tricky.  
Categories: Security

How did this Memcache thing happen?, (Wed, Feb 28th)

February 28, 2018 - 4:18am
As pointed out earlier (https://isc.sans.edu/forums/diary/Why+we+Dont+Deserve+the+Internet+Memcached+Reflected+DDoS+Attacks/23389/) this memcached reflected DDoS thing is pretty bad.  How bad?  Well, US-CERT updated its UDP-Based Amplification Attacks advistory (https://www.us-cert.gov/ncas/alerts/TA14-017A) to add Memcache to the list of potential attack vectors.  The really telling bit is the chart that shows the Bandwidth Amplification Factor.  Before memcache was added the largest factor was 556.9 from NTP where each byte sent in to a vulnerable server would return about 557 bytes in attack traffic.  Memecache is listed as 10,000 to 51,000.  That's remarkably large.
Categories: Security

Why we Don't Deserve the Internet: Memcached Reflected DDoS Attacks., (Tue, Feb 27th)

February 27, 2018 - 7:39pm
Let me start off by saying: If you have a memcached server in your environment that is exposed to the internet, then you should stop scanning for them, and spend your time writing a resume instead. Either because you do not want to work in an utterly incompetent organization like that, or if you are responsible for the exposed server, then well.. write a resume for a simpler job. (I was going to suggest a job here. But I can't come up with a job a sysadmin would be qualified for in a case like this)
Categories: Security

Malspam pushing Formbook info stealer, (Tue, Feb 27th)

February 27, 2018 - 6:51am
Introduction
Categories: Security

Cracking AD Domain Passwords (Password Assessments) - Part 1 - Collecting Hashes, (Mon, Feb 26th)

February 26, 2018 - 2:23pm
In my last 2 posts we discussed recovering passwords in a penetration test, first by using password spraying and then by using LLMNR (using the responder tool).  In both cases we discussed that it’s pretty likely that you’ll recover domain admin credentials in these steps.
Categories: Security

Retrieving malware over Tor on Windows, (Sun, Feb 25th)

February 26, 2018 - 12:14am
I found an easier way to retrieve malware over Tor on Windows, using free open-source software.
Categories: Security

Blackhole Advertising Sites with Pi-hole, (Sun, Feb 25th)

February 25, 2018 - 12:41pm
A coworker told me a few weeks ago that he started using Pi-hole to block all advertising and that got me curious. I checked the hardware requirements and already had a server I could install this on. I used CentOS 7.4 as my platform but before starting, make sure selinux isn't running because it isn't supported (It is one of the checks the installation script does). To check execute:
Categories: Security

CIS Controls Version 7, (Fri, Feb 23rd)

February 23, 2018 - 1:37am
The Center for Internet Security (CIS) has been working diligently to update the CIS Controls (formerly known as the Critical Security Controls). A compelling feature of the CIS Controls is their regular updates that reflect the current cyber threats that face organizations, both small and large. The CIS Controls are the product of a truly global collaboration effort. “The CIS Controls have always been the product of a global community of adopters, vendors, and supporters, and V7 will be no exception,” said Tony Sager, CIS Senior Vice President and Chief Evangelist for the CIS Controls.
Categories: Security

Passwords Part 2 - Passwords off the Wire using LLMNR, (Thu, Feb 22nd)

February 22, 2018 - 6:00pm
We ended yesterday’s story with what we hope was a successful password spray.  Let’s assume that we can then use one of the accounts we harvested in that exercise to VPN in and RDP to a host on the inside network.  
Categories: Security

All times are GMT +2. The time now is 17:01.


©2001-2018 - Baanboard.com - Baanforums.com