securityXspace: a blog about cyber-philosophy.

Penetration testing with Metasploit made easy. Millions of IT professionals all over the world want to get into the hot field of security, and Metasploit is a great place to start. Metasploit Framework is free, used by more penetration testers than any other tool, and helps you understand security from the attackers perspective. Source: Introducing…

Researchers at Cisco’s Talos threat research group are publishing research today on a targeted attack delivered by a malicious Microsoft Word document that goes to great lengths to conceal its operations. Source: Researchers uncover PowerShell Trojan that uses DNS queries to get its orders

Amazon Web Services (AWS) has explained the hours-long service disruption that caused many websites and Internet-connected services to go offline earlier this week. The Amazon Simple Storage Service (S3) team was debugging a problem in the S3 billing system on Tuesday morning when one team member “executed a command which was intended to remove a…

USA TODAY Pence used personal email for state business — and was hacked USA TODAY Cybersecurity experts say the emails raise concerns about whether such sensitive information was adequately protected from hackers , given that personal accounts like Pence’s are typically less secure than government email accounts. Source: Pence used personal email for state business…

IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia. Researchers showcased a potential malware lifecycle which started with spear phishing and eventually led to the deployment of the disk-wiping malware known as Shamoon. […] Source: Additional Insights on Shamoon2

ZDNet ‘Previously unseen’ malware behind cyberattack against UK’s biggest hospital group ZDNet The investigation into the cyberattack against Barts Health NHS Trust is still ongoing. Image: Barts Health NHS Trust. A malware attack which forced parts of the UK’s largest hospital group offline has been blamed on a new form of malware , which ……

A proof of concept bypass of Google’s CAPTCHA verification system uses Google’s own web-based tools to pull off the skirting of the system. Source: Google reCaptcha Bypass Technique Uses Google’s Own Tools

2016 was truly the year of online extortion. Cyber threats reached an all-time high, with ransomware and Business Email Compromise (BEC) scams gaining increased popularity among cybercriminals looking to extort enterprises. A 752 percent increase in new ransomware families ultimately resulted in $1 billion in losses for enterprises worldwide, according to Trend Micro. Source: Ransomware…

Good news for the victims of the Dharma Ransomware, someone has released the alleged Master Keys on the BleepingComputer.com forums. The alleged Master Keys for the Dharma Ransomware has been released by someone on BleepingComputer.com forums. Source: Alleged Master Keys for the Dharma Ransomware Leaked on BleepingComputer

Yahoo CEO Marissa Mayer said she’ll forgo her 2016 bonus and any stock award for this year after the company admitted it failed to properly investigate hack attacks that compromised more than a billion user accounts . “When I learned in September 2016 that a large number of our user database files had been stolen,…