Stealing Windows Credentials Using Google Chrome

Acrobat Stealing Windows Credentials Using Google Chrome
Author/Researcher: Bosko Stankovic (bosko@defensecode.com)
Source: http://www.defensecode.com
Overview: Attacks that leak authentication credentials using the SMB file sharing protocol on Windows OS are an ever-present issue, exploited in various ways but usually limited to local area networks. One of the rare research involving attacks over the internet was recently presented by Jonathan Brossard and Hormazd Billimoria at the Black Hat security conference[1] [2] in 2015. However, there have been no publicly demonstrated SMB authentication related attacks on browsers other than Internet Explorer and Edge in the past decade. This paper describes an attack which can lead to Windows credentials theft, affecting the default configuration of the most popular browser in the world today, Google Chrome, as well as all Windows versions supporting it. Read More

The ‘Security by’ model approach

Passionate about it! Intrigued by it! Confused by it! SaaS, RaaS, XaaS, what! what!, okay let me PaaS, oops meant pass! Unlike the as-aservice model that inherently loves prepending strange InfoTech words, I am going to talk about another model, that seems to enjoy appending weird random like words; the ‘Security by’ model! Don’t you just love it? Oops, I meant I.T! Security by Obscurity, Security by Isolation, Security by Default!; The ‘Security by’ model approach!

 

 

The ‘Security by’ model approach seems to share and rely on; 

Read moreThe ‘Security by’ model approach

Mitigating Ransomware attacks using McAfee VSE Access Protection Policies

The image on the left is an awesome reminder of my first blog post. Ransomware really caught my attention to a point were, it ended up featuring as my first article. That being said, my reply to Gail’s comment really sealed the deal, to an extend were i just felt I had to revisit and unearth this post! My response read, “This is proof we are living in the “Cyber Crime Era!”. It’s sad but what makes it even more scary is, it’s happening and happening around the clock. I bet you this is just the tip of an iceberg….” Oh yes, spot on! I am no Fortune Teller, but all I can tell ya (replacement for you), is we are living in that era! Hmmm, some deadly rhymes ending with ‘aaaah!’ right?; but definitely not deadlier than the gist of the flow, Ransomware!!!! Hold on, besides my rhymes, I will not let you (Ransomware) intimidate me, because I have something to use to mitigate against you, 

Read moreMitigating Ransomware attacks using McAfee VSE Access Protection Policies