indicator-of-compromise – Page 2

Are there Indicators of Attack or Indicators of Compromise (IoA, IoC) or suspicious events specific to stalkerware?

Posted on October 3, 2021 by rodstewart

By stalkerware I mean the type of spyware that is typically marketed as a tool to catch a cheating spouse (or similar).
I am asking because the motive for this type of attack is somewhat different from other attacks. If the goal of an atta… Continue reading Are there Indicators of Attack or Indicators of Compromise (IoA, IoC) or suspicious events specific to stalkerware?→

Pornographic image in Wikipedia app

Posted on August 7, 2021 by Daniel Walker

I opened up the Wikipedia app on my iPhone today and saw that the featured article on the main page was on “Henry IV, Holy Roman Emperor”. However, the image displayed for the article was a closeup picture of male genitalia. I was shocke… Continue reading Pornographic image in Wikipedia app→

Why am I seeing this in /var/log? [closed]

Posted on July 5, 2021 by Stiofán

I’ve noticed a lot of weird logs in /var/log on my server.
For example:
cd /var/log/DIST00000001ARGC00000005ARGV00000002ccARGV00000002-cARGV00000006nmap.cARGV00000002-oARGV00000006nmap.oDOTI00000000
sudo cat user.log
Jun 30 16:48:08 DIST0… Continue reading Why am I seeing this in /var/log? [closed]→

What’s with this seemingly nonsensical Bitcoin "hack" story about a kid with 400 BTC live on his malware-infested PC?

Posted on January 12, 2021 by A Vasher

I read this very strange story yesterday, and I really need to ask about it:

Hackers knew that everyone would be staring at the sun and away from their computers, so they chose that precise moment to pounce. Erik watched the eclipse like … Continue reading What’s with this seemingly nonsensical Bitcoin "hack" story about a kid with 400 BTC live on his malware-infested PC?→

How did SolarWinds get hacked? And was the Orion update put out without human approval?

Posted on December 18, 2020 by Ethan Allen

Obviously there is massive information about the SolarWinds Orion hack itself of the malicious DLL injected into the update: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromise… Continue reading How did SolarWinds get hacked? And was the Orion update put out without human approval?→

What to make of inconsistent TFA/2FA verification emails from AOL

Posted on November 23, 2020 by Will Haley

My parents use AOL (there’s no point trying to migrate them at this stage) with two factor authentication. My father let me know that he recently received an identity log in verification email that looks suspicious.
The resolved client loc… Continue reading What to make of inconsistent TFA/2FA verification emails from AOL→

Unknown email suggestions on username autoform fill [closed]

Posted on November 18, 2020 by AsukaGenesis39

I encountered strange activity on my Firefox web browser on BackBox Linux 20. Upon visiting https://login.yahoo.com, clicking the pointer to username pops up two emails: an unfamiliar Gmail and AOL emails. The browser’s auto-form-fill sugg… Continue reading Unknown email suggestions on username autoform fill [closed]→

Is my email compromised? [closed]

Posted on November 6, 2020 by user123452231239

I’ve gotten two strange emails in the past few days first was one from a site called ding that said that my account was all most ready to activate but I’ve never tried to create an account there. And now today I got an email from best buy … Continue reading Is my email compromised? [closed]→

Finding the entry point of a hack attack [closed]

Posted on September 22, 2020 by Percival Junghans

My logwatch showed that someone was using my Ubuntu 18 servers root login.
I changed it. I used clamav, which found nothing.
How do I trace back how he got the password?

Continue reading Finding the entry point of a hack attack [closed]→

Public dataset of compromised users

Posted on August 28, 2020 by user5623335

I am looking for some type of public data set for my own internal research.
It should contains users and some type of identifiable information (IP, fingerprint, cookie etc…), at least some of the users in the data set should have had som… Continue reading Public dataset of compromised users→