NIST Releases New Digital Identity Guidelines

Original release date: June 26, 2017

The National Institute of Standards and Technology (NIST) has released the Digital Identity Guidelines document suite. The four-volume suite offers technical guidelines for organizations that use digital ide…

Original release date: June 26, 2017

The National Institute of Standards and Technology (NIST) has released the Digital Identity Guidelines document suite. The four-volume suite offers technical guidelines for organizations that use digital identity services.

US-CERT encourages information security practitioners in industry, government, and academic organizations to refer to the NIST blog post and SP 800-63 for more information.


This product is provided subject to this Notification and this Privacy & Use policy.


This Windows Defender bug was so gaping its PoC exploit had to be encrypted

(credit: Microsoft)
Microsoft recently patched a critical vulnerability in its ubiquitous built-in antivirus engine. The vulnerability could have allowed attackers to execute malicious code by luring users to a booby-trapped website or attaching a b…

(credit: Microsoft)

Microsoft recently patched a critical vulnerability in its ubiquitous built-in antivirus engine. The vulnerability could have allowed attackers to execute malicious code by luring users to a booby-trapped website or attaching a booby-trapped file to an e-mail or instant message.

A targeted user who had real-time protection turned on wasn't required to click on the booby-trapped file or take any other action other than visit the malicious website or receive the malicious e-mail or instant message. Even when real-time protection was off, malicious files would be executed shortly after a scheduled scan started. The ease was the result of the vulnerable x86 emulator not being protected by a security sandbox and being remotely accessible to attackers by design. That's according to Tavis Ormandy, the Google Project Zero researcher who discovered the vulnerability and explained it in a report published Friday.

Ormandy said he identified the flaw almost immediately after developing a fuzzer for the Windows Defender component. Fuzzing is a software testing technique that locates bugs by subjecting an application to corrupted data and other types of malformed or otherwise unexpected input.

Read 6 remaining paragraphs | Comments

Winpayloads – Undetectable Windows Payload Generation

Winpayloads is a tool to provide undetectable Windows payload generation with some extras running on Python 2.7. It provides persistence, privilege escalation, shellcode invocation and much more. Features UACBypass – PowerShellEmpire PowerUp – Powe…

Winpayloads is a tool to provide undetectable Windows payload generation with some extras running on Python 2.7. It provides persistence, privilege escalation, shellcode invocation and much more. Features UACBypass – PowerShellEmpire PowerUp – PowerShellEmpire Invoke-Shellcode Invoke-Mimikatz Invoke-EventVwrBypass Persistence – Adds payload...

Read the full post at darknet.org.uk

IRS Warns of Summertime Scams

Original release date: June 26, 2017

The Internal Revenue Service (IRS) has released an alert warning of various types of scams targeting taxpayers this summer. The alert describes common features of these cyber crimes, including: robocalls, pri…

Original release date: June 26, 2017

The Internal Revenue Service (IRS) has released an alert warning of various types of scams targeting taxpayers this summer. The alert describes common features of these cyber crimes, including: robocalls, private debt collection, and scams that target taxpayers with limited English proficiency.

Taxpayers and tax professionals are encouraged to review the IRS alert and US-CERT's advice on Avoiding Social Engineering and Phishing Attacks.

 


This product is provided subject to this Notification and this Privacy & Use policy.