From 56066d9ae20c27adbe84c81c50906e70754195d0 Mon Sep 17 00:00:00 2001 From: Ken Fallon Date: Thu, 23 Nov 2023 21:29:41 +0100 Subject: [PATCH] 2023-11-23_20-29-41Z_Thursday database changed --- sql/hpr-db-part-14.sql | 4 ++-- sql/hpr-db-part-15.sql | 3 ++- sql/hpr.sql | 5 +++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/sql/hpr-db-part-14.sql b/sql/hpr-db-part-14.sql index 74980db..56849c0 100644 --- a/sql/hpr-db-part-14.sql +++ b/sql/hpr-db-part-14.sql @@ -571,7 +571,8 @@ INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hosti (3999,'2023-11-30','Holiday Challenges Series Ep 02 TryHackMe Advent of Cyber Challenge',183,'Discussing the TryHackMe Advent of Cyber challenge to help you enjoy the holiday season','Holiday\nChallenges Series - Ep 2 - TryHackMe Advent of Cyber Challenge\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

If you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996

\n

I have been using TryHackMe for several years, and I recommend it to\nall of my students. It is a great environment where people can get hands\non experience with technology that relates to cyber security, all from\nthe comfort of their browser and free year-round.

\n

The TryHackMe Advent of Cyber challenge is a free gamified\nenvironment which focuses on penetration testing, security\noperations/engineering, forensics/incident response, malware analysis,\nmachine learning, and more!

\n

This year\'s challenge opens on December 1, 2023 (Which is the reason\nwhy I am posting twice this week). Typically, the Advent of Cyber\nchallenge includes daily beginner-friendly exercises for people new to\ncybersecurity. These can consist of walkthroughs, video tutorials, and\nchallenges. There are also prizes available based on random drawings and\non participant success.

\n

Infosec personalities like John Hammond, Gerald Auger, InsiderPHD,\nand InfoSec Pat are featured in this year\'s challenge.

\n

You can play with last year\'s Advent of Cyber challenge by visiting\nhttps://tryhackme.com/room/adventofcyber4. It outlines\nthe overall story and shows all of the tasks last year\'s participants\nexperienced, including both offensive and defensive topics like: log\nanalysis, OSINT, scanning, brute force attacks, email analysis,\nCyberChef, blockchain smart contracts, malware analysis, memory\nforensics, packet analysis, web application hacking, and more!

\n

Everything can be done with a free account from within a browser.

\n

If you want to learn more about cybersecurity, transition your career\ninto infosec, or just have fun playing with cyber challenges, you can\ngive it a try by visiting tryhackme.com or https://tryhackme.com/r/christmas

\n

Please note: I am not affiliated with TryHackMe in any way, other\nthan having been a paying member for many years. Students and others who\nhave participated in previous year\'s Advent of Cyber challenges have\ntold me how much they enjoyed it and learned from it. Even though I have\nbeen an infosec practitioner for more years than I would like to admit,\nI also have enjoyed taking part in this challenge.

\n

If this is not for you, I will be sharing another option for a\nholiday challenge in my next episode.

\n',394,0,0,'CC-BY-SA','Advent of Cyber, TryHackMe, Hands on, cyber, cybersecurity, infosec, holiday, challenge',0,0,1), (4006,'2023-12-11','Holiday Challenges Ep 3 SANS Holiday Hack Challenge & KringleCon',160,'Discussing the SANS Holiday Hack Challenge & KringleCon to help you enjoy the holiday season','Holiday\nChallenges Series - Ep 3 - SANS Holiday Hack Challenge with\nKringleCon\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

If you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996

\n

The SANS Holiday Hack Challenge is an interactive online technology\nand hacking game combined with a virtual security conference, beginning\nin the second week of December. By the time this episode drops, it may\nalready be live. You can tour the North Pole conference facilities,\nmeeting people, interactive non-player characters (NPC), and maybe even\nsome villains from Holiday Hack Challenges past, as you solve problems\nand gather clues which you use to help save Christmas.

\n

Everything can be done from within the browser, and did I mention\nthere is a virtual security conference, called KringleCon? Some of the\nbiggest rock stars (and most humble and brilliant people) in\nCyberSecurity speak each year at KringleCon. Many of their talks also\nprovide clues to solving game challenges.

\n

Ed Skoudis and his team (The same people who build SANS NetWars) work\ntirelessly year after year to create the most amazing experience,\ncomplete with custom music! This has become one of my favorite holiday\ntraditions each year. You can learn more about the 2023 challenge by\nwatching Ed\'s Inside SANS Holiday Hack Challenge 2023 YouTube video at\nhttps://www.youtube.com/watch?v=X9Gmdr_CxzQ

\n

You can access this year\'s challenge by visiting sans.org/holidayhack\nor https://www.sans.org/mlp/holiday-hack-challenge-2023/

\n

There, you will learn more about all things Holiday Hack before the\ngame opens in the second week of December. If you want to play now, or\njust get a feel for it, you can access three of the previous years\'\nchallenges right now at the same site.

\n

I am not associated with SANS or the Holiday Hack Challenge in any\nway, other than to have participated for several years now, and I have\nwatched other people learn and grow by taking part in it.

\n

I hope that you have enjoyed this short series. If there are other\nonline challenges you find interesting or informative, I encourage you\nto record a show about them.

\n

Have a wonderful day.

\n',394,0,0,'CC-BY-SA','SANS, KringleCon, holiday, challenge',0,0,1), (3997,'2023-11-28','The Oh No! News.',875,'Sgoti talks about Malware distributed via Google\'s Dynamic Ads and more.','

The Oh No! news.

\n

Oh No! News is Good\nNews.

\n
    \n
  • TAGS: Oh No, News, Threat analysis, InfoSec, Google\nDynamic Search Ads
  • \n
\n
\n

Threat analysis;\nyour attack surface.

\n
    \n
  • Source: Former\nNHS secretary found guilty of illegally accessing medical\nrecords
    \n

    \n
      \n
    • A former NHS employee has been found guilty and fined for illegally\naccessing the medical records of over 150 people.
      \n
    • \n
    • Loretta Alborghetti, from Redditch, worked as a medical secretary\nwithin the Ophthalmology department at Worcestershire Acute Hospitals\nNHS Trust when she illegally accessed the records.
      \n
    • \n
  • \n
  • Supporting Source: Open\nStreet Map link to Redditch Worcestershire.
    \n

  • \n
  • Source: NetSupport\nRAT Infections on the Rise. Targeting Government and Business\nSectors
    \n

    \n
      \n
    • While NetSupport Manager started off as a legitimate remote\nadministration tool for technical assistance and support, malicious\nactors have misappropriated the tool to their own advantage, using it as\na beachhead for subsequent attacks.
      \n
    • \n
  • \n
  • Source: Beware:\nMalicious Google Ads Trick WinSCP Users into Installing\nMalware
    \n

    \n
      \n
    • The threat actors are believed to leverage Google\'s Dynamic Search\nAds (DSAs), which automatically generates ads based on a site\'s content\nto serve the malicious ads that take the victims to the infected\nsite.
      \n
    • \n
  • \n
  • Source: Trojanized\nPyCharm Software Version Delivered via Google Search Ads.
    \n

    \n
      \n
    • Victims who clicked on the ad were taken to a hacked web page with a\nlink to download the application, which turned out to install over a\ndozen different pieces of malware instead.
      \n
    • \n
  • \n
\n
\n

InfoSec; the language\nof security.

\n
    \n
  • Source: Why\nDefenders Should Embrace a Hacker Mindset
    \n
  • \n
\n
\n
    \n
  • Additional Information.\n
      \n
    • What is a \"Data\nBreach\"? A data breach is a security violation, in which sensitive,\nprotected or confidential data is copied, transmitted, viewed, stolen,\naltered or used by an individual unauthorized to do so.
      \n
    • \n
    • What is \"Malware\"?\nMalware (a portmanteau for\nmalicious software) is any software intentionally designed to cause\ndisruption to a computer, server, client, or computer network, leak\nprivate information, gain unauthorized access to information or systems,\ndeprive access to information, or which unknowingly interferes with the\nuser\'s computer security and privacy.
      \n
    • \n
    • What is a \"Payload\"?\nIn the context of a computer virus or worm, the payload is the portion\nof the malware which performs malicious action; deleting data, sending\nspam or encrypting data. In addition to the payload, such malware also\ntypically has overhead code aimed at simply spreading itself, or\navoiding detection.
      \n
    • \n
    • What is \"Phishing\"?\nPhishing is a form of social engineering\nwhere attackers deceive people into revealing sensitive information or\ninstalling malware such as ransomware. Phishing\nattacks have become increasingly sophisticated and often transparently\nmirror the site being targeted, allowing the attacker to observe\neverything while the victim is navigating the site, and transverse any\nadditional security boundaries with the victim.
      \n
    • \n
    • Social\nengineering (security) In the context of information security,\nsocial engineering is the psychological\nmanipulation of people into performing actions or divulging\nconfidential information. A type of confidence trick for the purpose of\ninformation gathering, fraud, or system access, it differs from a\ntraditional \"con\" in that it is often one of many steps in a more\ncomplex fraud scheme.
      \n
    • \n
    • What is \"Information\nSecurity\" (InfoSec)? Information security, sometimes shortened to\nInfoSec, is the practice of protecting information by mitigating information risks. It\nis part of information risk\nmanagement.\n
        \n
      • Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.).\nInformation Systems are composed in three main portions, hardware,\nsoftware and communications with the purpose to help identify and apply\ninformation security industry standards, as mechanisms of protection and\nprevention, at three levels or layers: physical, personal and\norganizational. Essentially, procedures or policies are implemented to\ntell administrators, users and operators how to use products to ensure\ninformation security within the organizations.
        \n
      • \n
    • \n
    • What is \"Risk\nmanagement\"? Risk management is the identification, evaluation, and\nprioritization of risks followed by coordinated and economical\napplication of resources to minimize, monitor, and control the\nprobability or impact of unfortunate events or to maximize the\nrealization of opportunities.
      \n
    • \n
    • What is a \"Vulnerability\"\n(computing)? Vulnerabilities are flaws in a computer system that\nweaken the overall security of the device/system. Vulnerabilities can be\nweaknesses in either the hardware itself, or the software that runs on\nthe hardware.
      \n
    • \n
    • What is an \"Attack\nSurface\"? The attack surface of a software environment is the sum of\nthe different points (for \"attack vectors\") where an unauthorized user\n(the \"attacker\") can try to enter data to or extract data from an\nenvironment. Keeping the attack surface as small as possible is a basic\nsecurity measure.
      \n
    • \n
    • What is an \"Attack\nVector\"? In computer security, an attack vector is a specific path,\nmethod, or scenario that can be exploited to break into an IT system,\nthus compromising its security. The term was derived from the\ncorresponding notion of vector in biology. An attack vector may be\nexploited manually, automatically, or through a combination of manual\nand automatic activity.
      \n
    • \n
    • What is\n\"Standardization\"? Standardization is the process of implementing\nand developing technical standards based on the consensus of different\nparties that include firms, users, interest groups, standards\norganizations and governments. Standardization can help maximize\ncompatibility, interoperability, safety, repeatability, or quality. It\ncan also facilitate a normalization of formerly custom processes.\n
    • \n
    • What is a \"Replay\nattack\"? A replay attack is a form of network attack in which valid\ndata transmission is maliciously or fraudulently repeated or delayed.\nAnother way of describing such an attack is: \"an attack on a security\nprotocol using a replay of messages from a different context into the\nintended (or original and expected) context, thereby fooling the honest\nparticipant(s) into thinking they have successfully completed the\nprotocol run.\"
      \n
    • \n
    • What is a\n\"Man-in-the-middle attack\"? In cryptography and computer security, a\nman-in-the-middle, ..., attack is a cyberattack where the attacker\nsecretly relays and possibly alters the communications between two\nparties who believe that they are directly communicating with each\nother, as the attacker has inserted themselves between the two\nparties.
      \n
    • \n
    • What is \"Transport Layer\nSecurity\" (TLS)? Transport Layer Security (TLS) is a cryptographic\nprotocol designed to provide communications security over a computer\nnetwork. The protocol is widely used in applications such as email,\ninstant messaging, and voice over IP, but its use in securing HTTPS\nremains the most publicly visible.
      \n
    • \n
    • What is a \"Handshake\"\n(computing)?. In computing, a handshake is a signal between two\ndevices or programs, used to, e.g., authenticate, coordinate. An example\nis the handshaking between a hypervisor and an application in a guest\nvirtual machine.
      \n
    • \n
    • What is Security\ntheater? The practice of taking security measures that are\nconsidered to provide the feeling of improved security while doing\nlittle or nothing to achieve it.
      \n
    • \n
  • \n
\n
\n\n',391,74,0,'CC-BY-SA','Oh No News, Threat analysis, InfoSec, Google Dynamic Search Ads',0,0,1), -(4005,'2023-12-08','Sgoti\'s reply to multiple shows.',893,'Sgoti replies to a few HPR Shows.','

Sgoti\'s reply to multiple\nshows.

\n

Sgoti replies to a few HPR\nShows.

\n
    \n
  • Tags: Reply show, password managers, lastpass.

  • \n
  • Reply to: hpr3988\n:: Beeper.com
    \n

  • \n
  • Supporting Source: Beeper chat application
    \n

  • \n
  • Supporting Source: Beeper Github page
    \n

  • \n
  • Supporting Source: Work with us at\nBeeper
    \n

  • \n
  • Reply to: hpr3989 :: LastPass\nSecurity Update 1 November 2023
    \n

  • \n
  • Reply to: hpr3994 ::\nLastpass Response
    \n

  • \n
  • Source: The\nTHREE STOOGES - A Plumbing We Will Go
    \n

  • \n
  • Source: Whitest Kids U Know:\nLeg Peeing
    \n

    \n
      \n
    • This was just funny. I found it while searching for, \"why the\nBritish say things like taking a piss\".
    • \n
  • \n
\n

This work is licensed under a Creative Commons\nAttribution-ShareAlike 4.0 International License.

\n',391,0,0,'CC-BY-SA','reply show, password managers, lastpass',0,0,1); +(4005,'2023-12-08','Sgoti\'s reply to multiple shows.',893,'Sgoti replies to a few HPR Shows.','

Sgoti\'s reply to multiple\nshows.

\n

Sgoti replies to a few HPR\nShows.

\n
    \n
  • Tags: Reply show, password managers, lastpass.

  • \n
  • Reply to: hpr3988\n:: Beeper.com
    \n

  • \n
  • Supporting Source: Beeper chat application
    \n

  • \n
  • Supporting Source: Beeper Github page
    \n

  • \n
  • Supporting Source: Work with us at\nBeeper
    \n

  • \n
  • Reply to: hpr3989 :: LastPass\nSecurity Update 1 November 2023
    \n

  • \n
  • Reply to: hpr3994 ::\nLastpass Response
    \n

  • \n
  • Source: The\nTHREE STOOGES - A Plumbing We Will Go
    \n

  • \n
  • Source: Whitest Kids U Know:\nLeg Peeing
    \n

    \n
      \n
    • This was just funny. I found it while searching for, \"why the\nBritish say things like taking a piss\".
    • \n
  • \n
\n

This work is licensed under a Creative Commons\nAttribution-ShareAlike 4.0 International License.

\n',391,0,0,'CC-BY-SA','reply show, password managers, lastpass',0,0,1), +(3998,'2023-11-29','Using open source OCR to digitize my mom\'s book',1847,'How I used open source tools such as gphoto2 and the OCR software tesseract to digitize pages','

To improve the speed of my workflow, I wrote a bash script that uses\nthe open source programs programs gphoto2,\ntesseract, grep and ImageMagick\nto digitize my mom\'s 338 page book. Here is the link to the script:\nhttps://github.com/deltaray/ocr-script

\n',194,0,0,'CC-BY-SA','ocr,opensource,grep,scripts,programming',0,0,0); /*!40000 ALTER TABLE `eps` ENABLE KEYS */; UNLOCK TABLES; @@ -997,4 +998,3 @@ INSERT INTO `hosts` (`hostid`, `host`, `email`, `profile`, `license`, `local_ima (70,'TheYellow1','TheYellow1.nospam@nospam.gmail.com','','CC-BY-SA',0,'',1,'The Yellow One'), (71,'Will Jason','willjasen.nospam@nospam.charter.net','','CC-BY-SA',0,'',1,'Will Jason'), (411,'Paul J','hpr.nospam@nospam.pauljohnstone.com','I am a full-stack developer','CC-BY-SA',0,'',1,'Paul J'), -(412,'m0dese7en','m0dese7en.nospam@nospam.mykolab.com','','CC-BY-SA',0,'',1,'Mode Seven'), diff --git a/sql/hpr-db-part-15.sql b/sql/hpr-db-part-15.sql index 30b8dd7..da0d83f 100644 --- a/sql/hpr-db-part-15.sql +++ b/sql/hpr-db-part-15.sql @@ -1,3 +1,4 @@ +(412,'m0dese7en','m0dese7en.nospam@nospam.mykolab.com','','CC-BY-SA',0,'',1,'Mode Seven'), (413,'CCHits.net Team','show.nospam@nospam.cchits.net','CCHits.net is a website which produces a daily, weekly and sometimes even a monthly music podcast. Find out more at cchits.net','CC-BY',0,'',1,'CCHits dot net Team'), (415,'enistello','enistello.nospam@nospam.tuta.io','@enistello@fosstodon.org','CC-BY-SA',0,'',1,'ennis tello'), (417,'StarshipTux','wakko222.nospam@nospam.gmail.com','Linux Enthusiast, Podcast Addict','CC-BY-SA',0,'',1,'Star ship Tux'), @@ -495,4 +496,4 @@ UNLOCK TABLES; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2023-11-23 5:10:28 +-- Dump completed on 2023-11-23 20:27:18 diff --git a/sql/hpr.sql b/sql/hpr.sql index 31c8743..5d3ac89 100644 --- a/sql/hpr.sql +++ b/sql/hpr.sql 
@@ -20571,7 +20571,8 @@ INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hosti (3999,'2023-11-30','Holiday Challenges Series Ep 02 TryHackMe Advent of Cyber Challenge',183,'Discussing the TryHackMe Advent of Cyber challenge to help you enjoy the holiday season','Holiday\nChallenges Series - Ep 2 - TryHackMe Advent of Cyber Challenge\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

If you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996

\n

I have been using TryHackMe for several years, and I recommend it to\nall of my students. It is a great environment where people can get hands\non experience with technology that relates to cyber security, all from\nthe comfort of their browser and free year-round.

\n

The TryHackMe Advent of Cyber challenge is a free gamified\nenvironment which focuses on penetration testing, security\noperations/engineering, forensics/incident response, malware analysis,\nmachine learning, and more!

\n

This year\'s challenge opens on December 1, 2023 (Which is the reason\nwhy I am posting twice this week). Typically, the Advent of Cyber\nchallenge includes daily beginner-friendly exercises for people new to\ncybersecurity. These can consist of walkthroughs, video tutorials, and\nchallenges. There are also prizes available based on random drawings and\non participant success.

\n

Infosec personalities like John Hammond, Gerald Auger, InsiderPHD,\nand InfoSec Pat are featured in this year\'s challenge.

\n

You can play with last year\'s Advent of Cyber challenge by visiting\nhttps://tryhackme.com/room/adventofcyber4. It outlines\nthe overall story and shows all of the tasks last year\'s participants\nexperienced, including both offensive and defensive topics like: log\nanalysis, OSINT, scanning, brute force attacks, email analysis,\nCyberChef, blockchain smart contracts, malware analysis, memory\nforensics, packet analysis, web application hacking, and more!

\n

Everything can be done with a free account from within a browser.

\n

If you want to learn more about cybersecurity, transition your career\ninto infosec, or just have fun playing with cyber challenges, you can\ngive it a try by visiting tryhackme.com or https://tryhackme.com/r/christmas

\n

Please note: I am not affiliated with TryHackMe in any way, other\nthan having been a paying member for many years. Students and others who\nhave participated in previous year\'s Advent of Cyber challenges have\ntold me how much they enjoyed it and learned from it. Even though I have\nbeen an infosec practitioner for more years than I would like to admit,\nI also have enjoyed taking part in this challenge.

\n

If this is not for you, I will be sharing another option for a\nholiday challenge in my next episode.

\n',394,0,0,'CC-BY-SA','Advent of Cyber, TryHackMe, Hands on, cyber, cybersecurity, infosec, holiday, challenge',0,0,1), (4006,'2023-12-11','Holiday Challenges Ep 3 SANS Holiday Hack Challenge & KringleCon',160,'Discussing the SANS Holiday Hack Challenge & KringleCon to help you enjoy the holiday season','Holiday\nChallenges Series - Ep 3 - SANS Holiday Hack Challenge with\nKringleCon\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

If you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996

\n

The SANS Holiday Hack Challenge is an interactive online technology\nand hacking game combined with a virtual security conference, beginning\nin the second week of December. By the time this episode drops, it may\nalready be live. You can tour the North Pole conference facilities,\nmeeting people, interactive non-player characters (NPC), and maybe even\nsome villains from Holiday Hack Challenges past, as you solve problems\nand gather clues which you use to help save Christmas.

\n

Everything can be done from within the browser, and did I mention\nthere is a virtual security conference, called KringleCon? Some of the\nbiggest rock stars (and most humble and brilliant people) in\nCyberSecurity speak each year at KringleCon. Many of their talks also\nprovide clues to solving game challenges.

\n

Ed Skoudis and his team (The same people who build SANS NetWars) work\ntirelessly year after year to create the most amazing experience,\ncomplete with custom music! This has become one of my favorite holiday\ntraditions each year. You can learn more about the 2023 challenge by\nwatching Ed\'s Inside SANS Holiday Hack Challenge 2023 YouTube video at\nhttps://www.youtube.com/watch?v=X9Gmdr_CxzQ

\n

You can access this year\'s challenge by visiting sans.org/holidayhack\nor https://www.sans.org/mlp/holiday-hack-challenge-2023/

\n

There, you will learn more about all things Holiday Hack before the\ngame opens in the second week of December. If you want to play now, or\njust get a feel for it, you can access three of the previous years\'\nchallenges right now at the same site.

\n

I am not associated with SANS or the Holiday Hack Challenge in any\nway, other than to have participated for several years now, and I have\nwatched other people learn and grow by taking part in it.

\n

I hope that you have enjoyed this short series. If there are other\nonline challenges you find interesting or informative, I encourage you\nto record a show about them.

\n

Have a wonderful day.

\n',394,0,0,'CC-BY-SA','SANS, KringleCon, holiday, challenge',0,0,1), (3997,'2023-11-28','The Oh No! News.',875,'Sgoti talks about Malware distributed via Google\'s Dynamic Ads and more.','

The Oh No! news.

\n

Oh No! News is Good\nNews.

\n
    \n
  • TAGS: Oh No, News, Threat analysis, InfoSec, Google\nDynamic Search Ads
  • \n
\n
\n

Threat analysis;\nyour attack surface.

\n
    \n
  • Source: Former\nNHS secretary found guilty of illegally accessing medical\nrecords
    \n

    \n
      \n
    • A former NHS employee has been found guilty and fined for illegally\naccessing the medical records of over 150 people.
      \n
    • \n
    • Loretta Alborghetti, from Redditch, worked as a medical secretary\nwithin the Ophthalmology department at Worcestershire Acute Hospitals\nNHS Trust when she illegally accessed the records.
      \n
    • \n
  • \n
  • Supporting Source: Open\nStreet Map link to Redditch Worcestershire.
    \n

  • \n
  • Source: NetSupport\nRAT Infections on the Rise. Targeting Government and Business\nSectors
    \n

    \n
      \n
    • While NetSupport Manager started off as a legitimate remote\nadministration tool for technical assistance and support, malicious\nactors have misappropriated the tool to their own advantage, using it as\na beachhead for subsequent attacks.
      \n
    • \n
  • \n
  • Source: Beware:\nMalicious Google Ads Trick WinSCP Users into Installing\nMalware
    \n

    \n
      \n
    • The threat actors are believed to leverage Google\'s Dynamic Search\nAds (DSAs), which automatically generates ads based on a site\'s content\nto serve the malicious ads that take the victims to the infected\nsite.
      \n
    • \n
  • \n
  • Source: Trojanized\nPyCharm Software Version Delivered via Google Search Ads.
    \n

    \n
      \n
    • Victims who clicked on the ad were taken to a hacked web page with a\nlink to download the application, which turned out to install over a\ndozen different pieces of malware instead.
      \n
    • \n
  • \n
\n
\n

InfoSec; the language\nof security.

\n
    \n
  • Source: Why\nDefenders Should Embrace a Hacker Mindset
    \n
  • \n
\n
\n
    \n
  • Additional Information.\n
      \n
    • What is a \"Data\nBreach\"? A data breach is a security violation, in which sensitive,\nprotected or confidential data is copied, transmitted, viewed, stolen,\naltered or used by an individual unauthorized to do so.
      \n
    • \n
    • What is \"Malware\"?\nMalware (a portmanteau for\nmalicious software) is any software intentionally designed to cause\ndisruption to a computer, server, client, or computer network, leak\nprivate information, gain unauthorized access to information or systems,\ndeprive access to information, or which unknowingly interferes with the\nuser\'s computer security and privacy.
      \n
    • \n
    • What is a \"Payload\"?\nIn the context of a computer virus or worm, the payload is the portion\nof the malware which performs malicious action; deleting data, sending\nspam or encrypting data. In addition to the payload, such malware also\ntypically has overhead code aimed at simply spreading itself, or\navoiding detection.
      \n
    • \n
    • What is \"Phishing\"?\nPhishing is a form of social engineering\nwhere attackers deceive people into revealing sensitive information or\ninstalling malware such as ransomware. Phishing\nattacks have become increasingly sophisticated and often transparently\nmirror the site being targeted, allowing the attacker to observe\neverything while the victim is navigating the site, and transverse any\nadditional security boundaries with the victim.
      \n
    • \n
    • Social\nengineering (security) In the context of information security,\nsocial engineering is the psychological\nmanipulation of people into performing actions or divulging\nconfidential information. A type of confidence trick for the purpose of\ninformation gathering, fraud, or system access, it differs from a\ntraditional \"con\" in that it is often one of many steps in a more\ncomplex fraud scheme.
      \n
    • \n
    • What is \"Information\nSecurity\" (InfoSec)? Information security, sometimes shortened to\nInfoSec, is the practice of protecting information by mitigating information risks. It\nis part of information risk\nmanagement.\n
        \n
      • Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.).\nInformation Systems are composed in three main portions, hardware,\nsoftware and communications with the purpose to help identify and apply\ninformation security industry standards, as mechanisms of protection and\nprevention, at three levels or layers: physical, personal and\norganizational. Essentially, procedures or policies are implemented to\ntell administrators, users and operators how to use products to ensure\ninformation security within the organizations.
        \n
      • \n
    • \n
    • What is \"Risk\nmanagement\"? Risk management is the identification, evaluation, and\nprioritization of risks followed by coordinated and economical\napplication of resources to minimize, monitor, and control the\nprobability or impact of unfortunate events or to maximize the\nrealization of opportunities.
      \n
    • \n
    • What is a \"Vulnerability\"\n(computing)? Vulnerabilities are flaws in a computer system that\nweaken the overall security of the device/system. Vulnerabilities can be\nweaknesses in either the hardware itself, or the software that runs on\nthe hardware.
      \n
    • \n
    • What is an \"Attack\nSurface\"? The attack surface of a software environment is the sum of\nthe different points (for \"attack vectors\") where an unauthorized user\n(the \"attacker\") can try to enter data to or extract data from an\nenvironment. Keeping the attack surface as small as possible is a basic\nsecurity measure.
      \n
    • \n
    • What is an \"Attack\nVector\"? In computer security, an attack vector is a specific path,\nmethod, or scenario that can be exploited to break into an IT system,\nthus compromising its security. The term was derived from the\ncorresponding notion of vector in biology. An attack vector may be\nexploited manually, automatically, or through a combination of manual\nand automatic activity.
      \n
    • \n
    • What is\n\"Standardization\"? Standardization is the process of implementing\nand developing technical standards based on the consensus of different\nparties that include firms, users, interest groups, standards\norganizations and governments. Standardization can help maximize\ncompatibility, interoperability, safety, repeatability, or quality. It\ncan also facilitate a normalization of formerly custom processes.\n
    • \n
    • What is a \"Replay\nattack\"? A replay attack is a form of network attack in which valid\ndata transmission is maliciously or fraudulently repeated or delayed.\nAnother way of describing such an attack is: \"an attack on a security\nprotocol using a replay of messages from a different context into the\nintended (or original and expected) context, thereby fooling the honest\nparticipant(s) into thinking they have successfully completed the\nprotocol run.\"
      \n
    • \n
    • What is a\n\"Man-in-the-middle attack\"? In cryptography and computer security, a\nman-in-the-middle, ..., attack is a cyberattack where the attacker\nsecretly relays and possibly alters the communications between two\nparties who believe that they are directly communicating with each\nother, as the attacker has inserted themselves between the two\nparties.
      \n
    • \n
    • What is \"Transport Layer\nSecurity\" (TLS)? Transport Layer Security (TLS) is a cryptographic\nprotocol designed to provide communications security over a computer\nnetwork. The protocol is widely used in applications such as email,\ninstant messaging, and voice over IP, but its use in securing HTTPS\nremains the most publicly visible.
      \n
    • \n
    • What is a \"Handshake\"\n(computing)?. In computing, a handshake is a signal between two\ndevices or programs, used to, e.g., authenticate, coordinate. An example\nis the handshaking between a hypervisor and an application in a guest\nvirtual machine.
      \n
    • \n
    • What is Security\ntheater? The practice of taking security measures that are\nconsidered to provide the feeling of improved security while doing\nlittle or nothing to achieve it.
      \n
    • \n
  • \n
\n
\n\n',391,74,0,'CC-BY-SA','Oh No News, Threat analysis, InfoSec, Google Dynamic Search Ads',0,0,1), -(4005,'2023-12-08','Sgoti\'s reply to multiple shows.',893,'Sgoti replies to a few HPR Shows.','

Sgoti\'s reply to multiple\nshows.

\n

Sgoti replies to a few HPR\nShows.

\n
    \n
  • Tags: Reply show, password managers, lastpass.

  • \n
  • Reply to: hpr3988\n:: Beeper.com
    \n

  • \n
  • Supporting Source: Beeper chat application
    \n

  • \n
  • Supporting Source: Beeper Github page
    \n

  • \n
  • Supporting Source: Work with us at\nBeeper
    \n

  • \n
  • Reply to: hpr3989 :: LastPass\nSecurity Update 1 November 2023
    \n

  • \n
  • Reply to: hpr3994 ::\nLastpass Response
    \n

  • \n
  • Source: The\nTHREE STOOGES - A Plumbing We Will Go
    \n

  • \n
  • Source: Whitest Kids U Know:\nLeg Peeing
    \n

    \n
      \n
    • This was just funny. I found it while searching for, \"why the\nBritish say things like taking a piss\".
    • \n
  • \n
\n

This work is licensed under a Creative Commons\nAttribution-ShareAlike 4.0 International License.

\n',391,0,0,'CC-BY-SA','reply show, password managers, lastpass',0,0,1); +(4005,'2023-12-08','Sgoti\'s reply to multiple shows.',893,'Sgoti replies to a few HPR Shows.','

Sgoti\'s reply to multiple\nshows.

\n

Sgoti replies to a few HPR\nShows.

\n
    \n
  • Tags: Reply show, password managers, lastpass.

  • \n
  • Reply to: hpr3988\n:: Beeper.com
    \n

  • \n
  • Supporting Source: Beeper chat application
    \n

  • \n
  • Supporting Source: Beeper Github page
    \n

  • \n
  • Supporting Source: Work with us at\nBeeper
    \n

  • \n
  • Reply to: hpr3989 :: LastPass\nSecurity Update 1 November 2023
    \n

  • \n
  • Reply to: hpr3994 ::\nLastpass Response
    \n

  • \n
  • Source: The\nTHREE STOOGES - A Plumbing We Will Go
    \n

  • \n
  • Source: Whitest Kids U Know:\nLeg Peeing
    \n

    \n
      \n
    • This was just funny. I found it while searching for, \"why the\nBritish say things like taking a piss\".
    • \n
  • \n
\n

This work is licensed under a Creative Commons\nAttribution-ShareAlike 4.0 International License.

\n',391,0,0,'CC-BY-SA','reply show, password managers, lastpass',0,0,1), +(3998,'2023-11-29','Using open source OCR to digitize my mom\'s book',1847,'How I used open source tools such as gphoto2 and the OCR software tesseract to digitize pages','

To improve the speed of my workflow, I wrote a bash script that uses\nthe open source programs programs gphoto2,\ntesseract, grep and ImageMagick\nto digitize my mom\'s 338 page book. Here is the link to the script:\nhttps://github.com/deltaray/ocr-script

\n',194,0,0,'CC-BY-SA','ocr,opensource,grep,scripts,programming',0,0,0); /*!40000 ALTER TABLE `eps` ENABLE KEYS */; UNLOCK TABLES; @@ -21495,4 +21496,4 @@ UNLOCK TABLES; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2023-11-23 5:10:28 +-- Dump completed on 2023-11-23 20:27:18
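Review bot: In the `eps` hunks (sql/hpr-db-part-14.sql at -571,7 +571,8 and sql/hpr.sql at -20571,7 +20571,8) the whole 4005 row is removed and re-added only so that its terminator can change from `;` to `,` ahead of the new 3998 row, so a one-row addition reads as a rewrite of a neighbouring row. If the export is made with mysqldump, `--skip-extended-insert` writes one INSERT per row and `--order-by-primary` keeps rows in id order, which would turn this into a single `+` line in a predictable place. The new 3998 row also ends in `0,0,0` where the rows around it end in `0,0,1`; the column list is cut off in the hunk header, so please confirm that last value is intended.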
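Review bot: The `hosts` hunks move row 412 from the end of sql/hpr-db-part-14.sql (-997,4 +998,3) to line 1 of sql/hpr-db-part-15.sql (-1,3 +1,4), which leaves the part-14 hunk ending on `(411,'Paul J',...),` with a trailing comma and no context after it, while part 15 opens on a bare tuple with no `INSERT INTO` in front of it. Neither part can be imported on its own, and the split point appears to move whenever a row is added earlier in the dump. Split the parts at statement boundaries, or document that they must be concatenated in order before import. These rows also carry host e-mail addresses protected only by a `.nospam@nospam.` marker, so check that publishing that column is intended.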
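Review bot: The closing hunks of sql/hpr-db-part-15.sql (-495,4 +496,4) and sql/hpr.sql (-21495,4 +21496,4) change nothing but the `-- Dump completed on` timestamp, so every export produces a diff even when no data changed. If the export is made with mysqldump, `--skip-dump-date` leaves the timestamp out of that comment. sql/hpr.sql also carries the same `eps` change as sql/hpr-db-part-14.sql, so each database change is stored and reviewed twice; consider committing only one of the two forms and generating the other.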