IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [threats]

An actor, usually a person, who may attempt to exploit a vulnerability of an exposed system.

99 questions
2
votes
1 answer

Windows Defender found threats in Kali Linux disc image

Last week, I downloaded Kali Linux from the official https://www.kali.org/ website for educational purpose. I left the downloaded disc image (.iso) on my desktop. Yesterday, Windows Defender decided to run a quick scan and went through the Kali…
pmbonneau
  • 161
  • 2
  • 2
  • 10
2
votes
1 answer

What are the main sources to collect Threat Intelligence Information especially from Dark Web

I've identified some OSINT Sources but they are not enough. Can anyone identify other sources to automatically via APIs or other way to collect threat intel information.
Adnan Qureshi
  • 131
  • 5
2
votes
2 answers

How should we mitigate threats that are keep coming to our security monitoring system?

We have continuous cybersecurity threat feeds that coming to our SOC on a daily basis from different sources that provide all the new CVEs, new malware variations and more. We just don't know how to handle these alerts in the right way and not only…
Filipon
  • 1,204
  • 10
  • 22
2
votes
1 answer

Use Splunk to run Nmap scan from remote host to potential attacker

When receiving internal attacks, I'd like to utilize Splunk alerts to trigger an Nmap scan against that attacking host from a remote machine; one other than the Splunk server. Is there any API or script that would provide this functionality (Splunk…
SnakeItUp
  • 21
  • 1
2
votes
0 answers

Slowing the hashing of a password. Is this all i need to know about securing passwords?

I'm on a journey of learning everything about information security and as i've read about how to secure a password, i didn't quite understood why should i slow down the hashing of a password and how to do it properly. Yes, it takes longer to crack…
Peter Cos
  • 21
  • 2
2
votes
2 answers

How to determine the threat agent for analyzing risk of a threat?

When doing Risk Assessment of a threat, how can I find the best threat agent for the risk assessment? For example, the asset which has the vulnerability related to the threat may be in an internal network behind a DMZ. In this case, some of the…
Manjula
  • 176
  • 6
2
votes
4 answers

Threat modelling - including threats one cannot mitigate?

When threat modelling, should you include the threats a system cannot mitigate? If so, where should you stop? It could be very time-consuming to list all the threats one cannot mitigate.
user5508297
  • 171
  • 1
  • 5
2
votes
3 answers

How can I prevent myself from barcode payload attacks?

Recently I came across a tool which can inject payloads into a barcode. How can I prevent myself from this kind of attacks? Attack scenario: The attacker prints vulnerable barcode / sends vulnerable barcode to me I scan the vulnerable barcode and…
BlueBerry - Vignesh4303
  • 5,107
  • 13
  • 34
  • 63
2
votes
2 answers

Odd url showing up in my pubsub stream, should I be concerned?

Background: Yesterday I started working on a simple metrics dashboard. I have a VBScript on my internal network that queries a database over a VPN from our Vendor. I then do a simple HTTP post to a node.js server listening on port 8000. I have…
THE JOATMON
  • 571
  • 6
  • 14
2
votes
2 answers

How vulnerable is Windows XP Embedded SP2 as of today?

A few weeks ago, I have been replacing and managing IT inventory. What caught my attention, was that a lot of thin clients are still running Windows XP Embedded SP2. That made me think about the possible vulnerabilities since those thin clients…
SP-Brown
  • 73
  • 7
1
vote
0 answers

Open Source Software & Android Malware Campaigns

I am looking to find a report that lists malware campaigns launched against Open Source Software (OSS) and/or Android OS. Ideally, this report would have been published in 2014. I am trying to understand what threat actors and exploiting what…
user3373370
  • 11
  • 1
1
vote
2 answers

What are the security threats when Googling and surfing when my Gmail account is open?

Suppose I log to my Gmail account. After that, I use Google to search for random websites and visit some. Are there any security threats on my Gmail account when Googling and surfing the net while it is open ? This picture, hopefully, explains what…
user45139
1
vote
0 answers

Password automatically typed into user box on facebook

Just want to ask some questions regarding on this strange experience while logging on my account on Facebook There are cases that I'm accidentally typing my password into the username box of the Facebook log-in page without knowing it. I'm gonna…
mikemolts
  • 11
  • 1
1
vote
1 answer

Is authentication through proxy sites safer?

usually in office or wherever whenever we are blocked with gmail and facebook websites,we used to browse the site with the proxy sites,we used to pass our login data through proxy sites,my question is since we are exploring through proxy servers,is…
BlueBerry - Vignesh4303
  • 5,107
  • 13
  • 34
  • 63
1
vote
2 answers

Malware for testing

IS there websites and places where you can download all types of malware that you can run and test the security setup of your system? I am currently playing around with UAC+EMET4+MSE and would like to see how well the system responds to different…
Travis Thompson
  • 539
  • 1
  • 5
  • 9
1 2
3
4 5 6 7