John the Ripper: Password Cracking Tutorial and Review

John the Ripper is a popular password cracking tool that can be used to perform brute-force attacks using different encryption technologies and helpful wordlists. It’s often what pen-testers and ethical hackers use to find the true passwords behind hashes. This open-source package is free to download and has several modules for generating hashes from a […]

The post <strong>John the Ripper: Password Cracking Tutorial and Review</strong> appeared first on eSecurityPlanet.

January 31, 2023
Read More >>

Hackers Use RMM Software to Breach Federal Agencies

Cybercriminals recently breached U.S. federal agencies using remote monitoring and management (RMM) software as part of a widespread campaign. The malicious campaign began in June 2022 or earlier and was detected a few months later, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the […]

The post Hackers Use RMM Software to Breach Federal Agencies appeared first on eSecurityPlanet.

January 28, 2023
Read More >>

Threat Groups Distributing Malware via Google Ads

Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. On January 20, CronUp researcher Germán Fernández warned that the DEV-0569 ransomware group is using Google Ads to distribute Gozi/Ursnif malware, RedLine stealer, and Royal ransomware. “For deployment, they use Add-MpPreference to configure exclusions […]

The post Threat Groups Distributing Malware via Google Ads appeared first on eSecurityPlanet.

January 26, 2023
Read More >>

ChatGPT’s Dark Side: An Endless Supply of Polymorphic Malware

CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently […]

The post ChatGPT’s Dark Side: An Endless Supply of Polymorphic Malware appeared first on eSecurityPlanet.

January 20, 2023
Read More >>

Cybersecurity in the Metaverse Will Require New Approaches

Despite challenges faced by Meta and others, there remains optimism for the metaverse. The PwC 2022 U.S. Business and Consumer Metaverse Survey highlights this. The survey, which included over 5,000 consumers and 1,000 U.S. business leaders, shows that half of consumers consider the metaverse to be exciting, and 66% of executives say their companies are […]

The post Cybersecurity in the Metaverse Will Require New Approaches appeared first on eSecurityPlanet.

January 19, 2023
Read More >>

Microsoft Patch Tuesday Fixes 11 Critical Vulnerabilities, One Zero-Day

Microsoft’s first Patch Tuesday of 2023 addresses 98 vulnerabilities, more than twice as many as last month – including one zero-day flaw that’s being actively exploited, as well as 11 critical flaws. The zero-day, CVE-2023-21674, is a Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability with a CVSS score of 8.8. The flaw, […]

The post Microsoft Patch Tuesday Fixes 11 Critical Vulnerabilities, One Zero-Day appeared first on eSecurityPlanet.

January 11, 2023
Read More >>

Researchers’ Quantum Threat Debunked, RSA Safe for Now

In a paper published late last month, 24 Chinese researchers suggested that RSA-2048 encryption could be broken using a quantum computer with 372 physical quantum bits. Cryptographer Bruce Schneier drew attention to the paper [PDF] last week in a blog post, noting that IBM recently announced a 433-qubit quantum computer, far exceeding the researchers’ stated […]

The post Researchers’ Quantum Threat Debunked, RSA Safe for Now appeared first on eSecurityPlanet.

January 10, 2023
Read More >>

Rackspace Breach Linked to New OWASSRF Vulnerability

Rackspace has acknowledged that it was hit by the Play ransomware a month ago in an attack that compromised customers’ Microsoft Exchange accounts. The attackers apparently leveraged a zero-day vulnerability called OWASSRF that was recently analyzed by CrowdStrike. In an interview with the San Antonio Express-News, Rackspace chief product officer John Prewitt said the company […]

The post Rackspace Breach Linked to New OWASSRF Vulnerability appeared first on eSecurityPlanet.

January 6, 2023
Read More >>

Security Outlook 2023: Cyber Warfare Expands Threats

After a year that saw massive ransomware attacks and open cyber warfare, the biggest question in cybersecurity for 2023 will likely be how much of those attack techniques get commoditized and weaponized. “In 2022, governments fought wars online, businesses were affected by multiple ransomware gangs, and regular users’ data was constantly on hackers’ radars,” said […]

The post Security Outlook 2023: Cyber Warfare Expands Threats appeared first on eSecurityPlanet.

January 5, 2023
Read More >>

ChatGPT: A Brave New World for Cybersecurity

Released on November 30, ChatGPT has instantly become a viral online sensation. In a week, the app gained more than one million users. Unlike most other AI research projects, ChatGPT has captivated the interest of ordinary people who do not have PhDs in data science. They can type in queries and get human-like responses. The […]

The post ChatGPT: A Brave New World for Cybersecurity appeared first on eSecurityPlanet.

December 16, 2022
Read More >>