Yearly Archives: 2012

Infosec Weekly Round-up December 10-16, 2012

“Dexter” malware steals credit card data from point-of-sale terminals A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses. Dexter, as the malware is called, has infected hundreds of

Infosec Weekly Round-up December 02-09, 2012

The Citadel crimeware kit – under the microscope “Ever since the source code of the Zeus crimeware kit, also known as Zbot, was leaked onto the internet in May 2011, many new variants have appeared. These have typically added new

Infosec Weekly Round-up November 26- December 02, 2012

Samsung printer firmware contains a printer SNMP backdoor Samsung printers contain a hardcoded SNMP community string that could allow a remote attacker to take control of an affected device. Financial Malware Detects Remote Desktop Environments to Evade Researchers Like

Utilizing a Network Scanner – Best Practices

Your auditor, your boss, or maybe that great book on security you just read, has you thinking you want to use a network scanner to help with the security on your network, but you’re just not really sure where to

Infosec Weekly Round-up November 19-25, 2012

Proactive detection of security incidents II – Honeypots , ENISA An increasing number of complex attacks demand improved early warning detection capabilities for CERTs. By having threat intelligence collected without any impact on production infrastructure, CERTs can better defend their

Infosec Weekly Round-up November 12-18, 2012

Dumping Domain Password Hashes Using Metasploit (ntds_hashextract.rb) “The ntds_hashextract.rb script is a standalone tool that can be used to quickly and efficiently extract Active Directory user account password hashes from the exported datatable of an NTDS.dit database. As it turns

Infosec Weekly Round-up October 29- November 04, 2012

Popular websites leaking system status information, private data and even passwords Security researchers have discovered that thousands of popular websites are putting their users’ data at risk by leaking internal status information. Most of the sites are only leaking enough