How did ntpd get patched to prevent NTP time synchronization attacks?

I recently tested the NTP Time Synchronization Attack as described and demonstrated by Jose Selvi in 2015.
Basically, the attack was mostly used to send the victim’s clock in the future, so the already cached HTTP Strict Transport Security …

How can a phishing attempt SMS be sent by the same number as the legitimate company? [duplicate]

My bank (let’s call it theBank; it’s a trusted bank in a Scandinavian country) uses among other methods SMS prompts. When performing an action (e.g. payment), you are sent an SMS containing a code prompt. To complete the action, you must t…

Finding the Location of Telegram Users

Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users:

Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location.

[…]

A proof-of-concept video the researcher sent to Telegram showed how he could discern the address of a People Nearby user when he used a free GPS spoofing app to make his phone report just three different locations. He then drew a circle around each of the three locations with a radius of the distance reported by Telegram. The user’s precise location was where all three intersected…


What is STRIDE and How Does It Anticipate Cyberattacks?

STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For example, the STRIDE model offers a proven methodology of next steps. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets […]

The post What is STRIDE and How Does It Anticipate Cyberattacks? appeared first on Security Intelligence.
