1619141416
Cybersecurity Hacking Path
Do you agree with Neal? Please comment below.
Which Cybersecurity training is best? Which vendors at the best? Neal presents his Cybersecurity training magic quadrant.
Menu:
0:00 ⏩ You have to get hands on experience
1:11 ⏩ Neal DM $2k challenge
2:55 ⏩ Cybersecurity training magic quandrant
3:35 ⏩ Gartner
5:40 ⏩ Training quadrant
8:29 ⏩ YouTube vs paid
10:21 ⏩ Demonstrative quadrant
12:33 ⏩ Hot seat questions
16:00 ⏩ $100 vs $500 vs $5000
17:40 ⏩ $100 investment only
18:33 ⏩ $1000 investment
19:55 ⏩ $5000 investment
21:51 ⏩ Advantages of instructor led training
25:03 ⏩ Cisco ILT vs SANS ILT
27:03 ⏩ How many courses have you actually finished?
27:34 ⏩ Summary of $100, $1000 investment
28:45 ⏩ Blank Cheque
29:44 ⏩ Has Neal taken all the courses?
31:10 ⏩ Most important!
#cybersecurity #developer #security
What is GEEK
Buddha Community
1628430590
How to find WiFi Passwords using Python 2021|Hack WiFi Passwords|Python Script to find WiFi Password
Hack Wifi Passwords easily..
#wifi #python #passwords #wifipasswords #linux #coding #programming #hacking #hack
#wifi #hack #using #python #python #hacking
1594638720
Smartwatch Hack Could Trick Dementia Patients into Overdosing
Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.
Researchers are warning vulnerabilities in a smartwatch application for dementia patients could allow an attacker to convince patients to overdose.
The vulnerabilities stem from the SETracker application, which is developed by Chinese developer 3G Electronics (based out of Shenzhen City). The app, which is available on iOS and Android and has been downloaded over 10 million times, is used to power various third-party smartwatch devices. These smartwatches are utilized by elderly patients with dementia who need reminders for taking their medication and to carry out everyday tasks. The apps are also used by parents to track their children – expanding the impact of the security issues.
“Is this yet another cheap Chinese kids GPS watch story? No, this is much more than just kids watches. The SETracker platform supports, automotive trackers, including both car and motorcycle, often embedded in audio head units and dementia trackers for your elderly relatives,” said Vangelis Stykas, with Pen Test Partners, in a Thursday post. “The vulnerabilities discovered could allow control over ALL of these devices.”
Researchers discovered an unrestricted server-to-server application programming interface (API) behind the app that allowed them to carry out a number of malicious activities. Specifically, the API had no authentication required to send commands, other than the requirement of a semi-random string that was already hardcoded to the code. That means a remote, unauthenticated attacker could send commands freely as if they were on a “trusted” server, said researchers.
“This was trivial to discover, all we had to do was just read through the compiled javascript code in the node file to understand what the API was doing,” said Stykas. “With no API restrictions and knowing the API structure we could take over all the devices.”
This issue allows an attacker – who knows the device ID of the smartwatch – to make a device call for any phone number or send SMS with any text from the watch, spy on any smartwatch, or fake a message from a “parent” to the smartwatch or access its camera. Worse, an attacker could send a “TAKEPILLS” command to the smartwatch that uses the app, to remind a relative to take medication (even if the target already took his pills).
#hacks #iot #3g electronics #credentials #exposed password #hack #hacking #internet of things #mobile app #setracker #smartwatch
1603526400
Researcher: I Hacked Trump’s Twitter by Guessing Password
Dutch ethical hacker Victor Gevers claims it only took five attempts to guess the password to President Donald Trump’s Twitter account — “maga2020!”.
That’s all he needed to hijack the @realdonaldtrump handle, according a report from Dutch newspaper de Volksrant, because it lacked even the most basic two-factor authentication (2FA), exposing major flaws in the digital security surrounding the President.
While Threatpost has not been able to independently verify the veracity of Gevers’ claim of the Oct. 16 hack of Trump’s Twitter, several professionals have analyzed screenshots and vouch for their authenticity, according to Dutch magazine Vrij Nederland, which added that Gevers works for the Dutch government by day and runs the ethical hacking GDI Foundation in his spare time — and so is well regarded within the country’s security community.
Twitter Safety & 2FA
Twitter, however, said it is dubious about the report.
“We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today,” a Twitter spokesperson said in a statement responding to Threatpost’s inquiries. “We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
An announcement on Sept. 17 from Twitter Safety said the company was sending in-app notifications “requiring” or “strongly recommending” enhanced security measures, including a requirement for a strong password, to members of government and journalists in the run-up to the election.
The policy goes on to “strongly encourage” these accounts enable 2FA but does not say it’s a requirement.
2FA requires users have a one-time generated code, sent by email or text, which needs to be entered to login. This keeps bad actors from accessing the account even if they have the username and password.
Duty to Report
Gevers said that after he successfully hacked the president’s Twitter account he went to great lengths to report the vulnerability, sending emails, screenshots and social-media messages to various U.S. government entities through Twitter, Parler and other platforms, de Volkskrant reported. Days later, he found the 2FA to be in place and two days after that, he received a friendly email from the Secret Service thanking him.
While that didn’t do much to explain how it came to be that Trump didn’t have basic protections on his Twitter account, Gevers speculated to de Volkskrant that it has something to do with his age, adding, “…elderly people often switch off two-step verification because they find it too complicated.”
This isn’t the first time Gevers was reportedly able to commandeer the infamous Twitter handle. In 2016, he was part of a group of self-described “grumpy old hackers” who accessed Trump’s Twitter account by guessing the password “yourefired,” Vrij Nederland reported. The group tried to alert team Trump that, “he had his digital fly open,” with no response at the time, Vrij Nederland added.
Gevers told de Volkskrant that it was recent headlines about presidential candidate Joe Biden’s son, Hunter Biden being hacked that inspired him to start spot-checking accounts for U.S. political figures.
“Doing spot checks, that’s my work: Look for any leaks in security,” he said. When he got to Trump’s account, he tried a few variations, expecting to get locked out after the fourth failed attempt, instead he hit the jackpot on try number five, according to de Volkskrant.
Gever’s reaction, according to Vrij Nederland? “Not again!”
Election & Data Security
This report comes at a time when U.S. law-enforcement officials warn Russia and Iran are actively engaging in election interference through hacked voter-registration information.
Cybercriminals are “going after the minds of the American people and their trust in the democratic institutions that we use to select our leaders, “Matt Olney, director of Talos’ Threat Intelligence and Interdiction at Cisco told Threatpost this week.
The good news is that the public is getting smarter about information security.
“Everybody has a role in election security,” Olney explained. “And that includes the election community who have gone at that problem aggressively over the last four years; [and] the public, which has largely adopted a more skeptical eye towards information as it comes out, for better or worse.”
#breach #hacks #web security #2fa #dutch researcher #hack #password #trump #trump hack #twitter #two factor authentication #victor gevers #weak password
1603058400
How to Hack WhatsApp Chats
If you’ve come across this article, you probably need to read somebody’s messages on WhatsApp or view shared media files. In this article, you’ll find the best 7 ways to hack WhatsApp chats. I recommend you to look through all of them and choose the one that meets your technical skills and monitoring needs.
_DISCLAIMER: The article is intended to be used and must be used for informational purposes only. _
1. Hack WhatsApp by syncing the web version with the device via the QR code.
The main WhatsApp vulnerability is the web version of the service known as WhatsApp Web. To access the target’s account, all you need to do is to accurately configure WhatsApp analog in the web browser and, further, use the captured data for your own purpose. The only con of this hacking method is a requirement of physical access to the target smartphone. However, it’s necessary only for a moment.
To hack WhatsApp, do the following:
1. Decide how you are going to read the target’s chats: from your PC or smartphone.
2. If you want to access the messages from your desktop, simply open the web version of the website and enable the “keep me logged in” option.
3. If you want to view WhatsApp chats on your smartphone: install a special app on your smartphone allowing you to launch the web version. Go to Play Market, enter “WhatsWeb” in the search, find the app, and install it.
4. The most challenging step. Access the target device. If the device is password-protected, this would be rather difficult :)
WARNING! The target device must be online otherwise you’ll fail to hack the messenger and read WhatsApp chats.
#whatsapp #whatsapp-web-hacks #hacking #spyware #spy-apps #hacks #security #hackernoon-top-story
1618216382
The Role of AI in Cyber Security and How It Will Help to Prevent Cyber Attacks
Traditional approaches for cybersecurity threats like two-factor authentication or password systems are not as effective as they used to be. Now, there is a need for increased anticipation of security professionals. Various businesses are using Artificial Intelligence in the present time to prevent their system from cyber-attacks.
The Role of AI in Cyber Security can be described as a secure way to prevent all matters of security concern for organizations. Networks get various threats that have become common and complex now as hackers are more efficient and advanced. That is why there is a need for more active participation of technologies in our security system?.
#cybersecurity #role-of-ai-in-cyber-security #cybersecurity-awareness #artificial-intelligence #future-of-artificial-intellige #ai-and-cybersecurity #ai-and-cybercrime #trends-in-cybersecurity