How 'the invisible network' poses a major security threat

If a hacker managed to switch off a life-support machine, the results could be fatal

Imagine a hacker remotely turning off a life support machine in a hospital, or shutting down a power station. These are the nightmare scenarios we face because many organizations haven't a clue how many unsecured devices are connected to their networks, cyber-security experts warn.
It was an ordinary day at a busy hospital - doctors, nurses and surgeons rushed about attending to the health of their patients.
For Hussein Syed, chief information security officer for the largest health provider in New Jersey, it was the health of his IT network that was keeping him busy.

Web Server Penetration Testing Checklist

Web server pen testing performing under 3 major category which is identity, Analyse, Report Vulnerabilities such as authentication weakness, configuration errors, protocol Relation vulnerabilities.

1. “Conduct a serial of methodical and Repeatable tests “ is the best way to test the web server along with this to work through all of the different application Vulnerabilities.

Active Directory - DNS and DHCP Security Checklists - Basic

 

Active Directory 

• Review the domain controller disk space reports.
• Backups of – AD, backup includes capturing system state, information related to AD database, logs, registry, boot files, SYSVOL and other system files.
• Evidence for AD replication is working correctly.
• Snapshot of event logs for persistent errors.
• Is defragmentation is done to increase performance as large directories running for long time can get large and fragmented.
• Proof of integrity of AD DS database files with respect to AD semantics using NTDSUTIL.
• Where password files are kept and who is responsible.
• Is there any formal method exists for adding new users?
• Is there any formal method of notifying the Administrator of staff changes exists, with access levels being amended without delay (particularly if staff are required to leave the organisation)?
• Any formal mechanism exists for changing users / access rights to the files.
• What is the User account/ID lockout due to invalid passwords attempts
• Are the IT Administrator users are also complying with these policies and IS there any generic IDs created in Active Directory?

Singapore leads the world in cyber attacks

More cyber attacks are launched from Singapore than anywhere else in the world, according to a report from Israeli data security firm Check Point Software Technologies.

The small Southeast Asian country has overtaken Russia, China and the US as the top attacking nation.

Eying Wee, Check Point's Asia-Pacific spokeswoman, told Bloomberg that it was not unusual for Singapore to be featured among the top attacking countries as much of the internet traffic flowing through Singapore doesn't actually originate there.

46,000 new phishing sites are created every day

An average of 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May. The data collected by Webroot shows today’s phishing attacks are highly targeted, sophisticated, hard to detect, and difficult for users to avoid. The latest phishing sites employ realistic web pages that are hard to find using web crawlers, and they trick victims into providing personal and business information.

Finally Kaspersky Security Softwares Ban to Use all US Government Agencies

Finally, US Government Decide to Bans all the Kaspersky  Security Software Products that is using by United States federal agencies since a lot of Spying Activity Controversy against the Kaspersky Products.

Kaspersky is Moscow, Russia Based Leading Cybersecurity Firm who Provides Many Security Products such as Anti-Virus, Internet Security, Endpoint Security, Cloud Security which claims to have 400 million users worldwide.

Department of Homeland Security (DHS) Release Immediate Order to Federal Executive Branch departments and agencies to take actions related to the use or presence of information security products, solutions, and services supplied directly or indirectly by AO Kaspersky Lab or related entities.

Bank Alfalah

Bank Alfalah is back online!

Bank Alfalah Internet Banking is Down!

Bank Alfalah's Internet banking is down since more than 2 hours now. No bank official is taking responsibility of the downtime. It is reported to State Bank by Lantech's team.

Trump’s website allegedly defaced by Iraqi hacker

A secure web server of Donald Trump’s campaign website has been purportedly hijacked by a hacker from Iraq.

Donald Trump, 45th President of the United States of America, won the Elections last year and held the office last month. Many of his decisions are criticized worldwide such as immigration ban on Muslims from 7 countries including Iraq.

A hacker from Iraq, who identified himself as “Pro_Mast3r”, defaced a server of a website linked to Trump’s presidential fundraising campaign, donaldjtrump.com, on Sunday. The hijacked web page displayed a picture of a man in fedora and a message that read,

“Hacked By Pro_Mast3r ~
Attacker Gov
Nothing Is Impossible
Peace From Iraq”




According to Arstechnica, the server, secure2.donaldjtrump.com, is apparently an actual Trump campaign server because its certificate is legitimate. It further stated that the hosting of this website is provided by US-based internet security company, Cloudflare. When a reference link to an image on another site was clicked, Chrome and Firefox prompted that the connection is not secure, Arstechnica reported.

The source code contains a link to JavaScript on a Google Code account, masterendi, which has been previously associated with the hack of about three websites. The account does not exist anymore.

The server of Trump’s website is now offline. There are no comments from Trump Pence Campaign and Cloudflare yet.

Source:TechJuice

50 GB of Free and encrypted Cloud Storage Mega.nz

If you want free Cloud Storage, safe, secure and want to keep your files encrypted over the cloud and make sure that no one access them without your permission. Mega.nz is your answer.

You can even share your files with MD5 key and with separate MD5 key so you can share it separately with anyone you are sharing your files with.

Youtube Down

Youtube Down

21st Day of Feburary 2017 got down at 11:21 PM PST(+5).
And is still down.