There was an unknown network adapter in my device manager. I found out it was for a USB-RJ45 ethernet device, which I have never even seen before. This device was not present when I bought the machine. As far as I have researched, it is not installed by any software or devices I use.
I’m concerned because there is a known vulnerability in Windows that’s exploited using these devices. A malicious person with access to the device could have stolen my credentials and logged in. (Google Usb-ethernet windows vulnerability if you don’t believe me.)
I believe the police or another malicious party exploited that vulnerability, and they used it to install a keylogger and acquire my hardware info. Is the presence of this device suspicious enough, from an information security standpoint, to support my belief? What would you do if you discovered the same on an enterprise machine?
The following websites offer Facebook hacking:
Are these websites legitimate?
As per RFC 7636, it stops malicious apps that pretend to be legitimate apps from gaining access to OAuth 2.0 protected APIs.
The flow suggests a method of having a runtime-level secret which is generated by the client and letting the auth server know it. This allows the token issuer to verify the secret with the auth server and grant a proper access token.
However, let’s assume a malicious app, as the RFC paper suggests, with a correct client_id and client_secret; it can do the same PKCE process and gain access to protected resources.
Is this RFC not meant to protect against those kinds of attacks, or am I simply missing something here?
An Erudite can select powers freely from the psion/wilder lists, and from all the discipline lists with certain caveats.
A StP alternate class feature Erudite can learn spells, converting them to “spellpowers” with the same caveats as discipline powers; they count as powers.
The Expanded Knowledge or the Hidden Talent feat clearly allows the acquisition of any one power from any list, with certain caveats.
Are there any non-feat methods which legitimately allow an Erudite to acquire other non-psion/wilder powers (Lurk powers, Leech powers, mantle powers, etc.)?
Please do not include anything involving Manipulate Form, or similar levels of TO.
I got an email from a “debt consolidation” company. This isn’t real, right? It’s laden with bad grammar and doesn’t even say WHAT the debt is for or who I owe money to.
I’ve been doing a lot of research on Certified | Ethical Hacker (C|EH) to see if it’s a credible certification. But I’ve stumbled across a Wikipedia article on it and discovered that the sources are straight from the company EC-Council, the ones that made the certification in the first place. The writing of the article sounds like it’s marketing it to you. It didn’t have a wiki article on EC-Council itself, and the founder and CEO is from India (I’m not being racist or anything). I even signed up for it on the EC-Council website and got a message from the employee who is from India. Does anyone know the real history of the company, or is it a scam?
I found this loan company online and they offer credit card loan international.
Just send your 1 valid ID in this email:
I received their loan last month through my credit card without any
Today, while reviewing vulnerability scan results with a colleague, we had a debate about what vulnerabilities can be considered “true or legitimate” and hence worthwhile to spend resources in monitoring. We had a differing opinion on whether vulnerabilities without a relevant attack vector can be considered “true” vulnerabilities for our company.
My opinion was that even if a vulnerability discovered today has no applicable attack vectors because the conditions needed to exploit it do not exist, the vulnerability is still worthy of monitoring as its future behavior may evolve. As more information is known about it, more attack vectors may become known. In addition, our company is moving in the direction of the Cloud, where I see faster detection and stronger monitoring of vulnerabilities becoming more important, due to there being more “distance” between a company and its digital assets, i.e., assets become less physically tangible.
However, I also understand my colleague’s point of monitoring and researching having an opportunity cost. If a successful exploit is unlikely, then the time spent researching, monitoring, and reporting results may be better spent on another activity, similar to how not all security risks have equal criticality.
Given our company’s direction, that we work with highly sensitive customer data such as health information (HIPAA), and that we are in the regulated financial services industry, I tend to feel more comfortable taking the more conservative approach of my own viewpoint.
In general, are vulnerabilities with non-applicable attack vectors considered “true” vulnerabilities?
How should the degree of monitoring and resource commitment to remediation be determined, generally speaking, at a high level, particularly for regulated industries?
My Yahoo! email account was working fine until I noticed an email from a co-worker bypassed my inbox altogether and ended up in my trash file. I checked all my filters and blocked addresses and did not find anything that could be causing the problem.
I put up with the inconvenience and just kept checking my trash folder for her emails. It was only her emails that were bypassing my inbox. This has been going on for a couple of months.
My account was hacked about a week ago and I changed the password of my account.
Now I have several other emails from clients which have also bypassed my inbox. These emails are ending up in my trash folder and my SAVE folder.
What do I do?
Coming from this comment from this question at Travel StackExchange.
My question is: How can the scammer still scan a user’s data when the user registers their account on the legitimate site, after being redirected from the fake site?
So, suppose I go to homeaway-eu.com. I’m then redirected to homeaway.com. Now I search for a house and book it, after entering my data. How can the scammer get the information that I entered, such as my payment details and contact info?
Edit: I think the answers below are coming from the point of view of the question that I linked above. My question is about the supposition that I wrote, not the exact case from Travel StackExchange.