Yabba dabba doo!

Credit to Author: Sharky| Date: Tue, 19 Feb 2019 03:00:00 -0800

Fish is being onboarded as a software engineer and has to download the code repository and start building it. But in checking the setup guide, he can’t find any instructions on what user credentials to use to log in. This seems like something he should be able to figure out, so he trolls through multiple document systems (internal websites, Google documents and wikis) until he finds an old document that says to use his username as both username and password for version control access. That’s easy enough — but it doesn’t work. Fish gets a message saying his account wasn’t found or the password didn’t match.

Time to submit a help desk ticket. And the explanation is simple. IT had neglected to run the script that created an account for fish in the version control system. Ten minutes after submitting the ticket, fish is in at last.

To read this article in full, please click here

Read more

A week in security (February 11 – 17)

Credit to Author: Malwarebytes Labs| Date: Mon, 18 Feb 2019 16:30:22 +0000

A roundup of security news from February 11-17 covering sextortion, Facebook phishing, Emotet, exploit kits, whole team security, anti-phishing plan, and lots more.

Categories:

Tags:

(Read more…)

The post A week in security (February 11 – 17) appeared first on Malwarebytes Labs.

Read more

Crack hunting: not all it’s cracked up to be

Credit to Author: Tammy Stewart| Date: Mon, 18 Feb 2019 16:00:00 +0000

People sometimes ask us in the forums if a keygen or software crack is safe to use. In this post, we’ll describe what happened when one of our researchers went crack hunting, and why it is often unsafe to carry out this activity.

Categories:

Tags:

(Read more…)

The post Crack hunting: not all it’s cracked up to be appeared first on Malwarebytes Labs.

Read more

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Credit to Author: BrianKrebs| Date: Mon, 18 Feb 2019 13:51:01 +0000

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers.

Read more