Sometimes, during security audits, we may encounter a situation where everything is being managed correctly. In other words security patches, policies, network segmentation, antivirus, and user awareness, to name just a few measures, are being applied properly. That’s when, in order to continue the analysis from the perspective of a security researcher or consultant, social engineering and a number of other tools, some of which we will look at in this post, start to play more importance, being perhaps the only ones that can allow an attacker to penetrate the target system.
The tools in question are mainly pieces of hardware designed for security research or projects. So here’s a list of the 10 tools every white hat hacker needs.
Socially engineered malware (SEM) remains one of the most common security threats facing Internet users today, claiming as much as one third of Internet users as victims. These attacks pose a significant risk to individuals and organizations by threatening to compromise, damage, or acquire sensitive personal and corporate information. Europeans and Americans have increasingly found themselves targets of ransomware over the last 12 months.
Phishing attacks pose a significant risk to individuals and organizations alike, by threatening to compromise or acquire sensitive personal and corporate information. In 2016, over 145,000 unique email phishing campaigns were reported each month, and 125,000 unique phishing websites were detected each month— the highest ever recorded. Phishing attacks are becoming more complex and sophisticated, making these attacks harder to detect and difficult to prevent.
LastPass now allows users to set up password vaults across multiple devices and browsers for free.
On November 2, the password management company said that starting today, LastPass has upgraded the firm's free solution to include synchronization to multiple devices.
While users have always been able to use certain features for free -- such as password generation, secure notes, automatic saving, and password filling on one device -- this information can now be spread across any internet-connected device, which was once a premium-only feature.
Critical vulnerabilities in MySQL and vendor deployments by database servers MariaDB and PerconaDB have been identified that can lead to arbitrary code execution, root privilege escalation and server compromise.
Dawid Golunski of Legal Hackers published details around two proof-of-concept exploits for the vulnerabilities on Tuesday.
Both vulnerabilities affect MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier, along with MySQL database forks such as Percona Server and MariaDB.
The first vulnerability, a privilege escalation/race condition bug (CVE-2016-6663) is the more severe of the two. It can allow a local system user that has access to a database to escalate their privileges and execute arbitrary code as the database system user, Golunski said in an advisory. From there, an attacker could successfully access all of the databases on the affected database server.