Attackers are leveraging legitimate file sharing sites to increase phishing effectiveness

We are seeing a new variation of phishing attack that’s leveraging a users trust of legitimate file sharing services (Dropbox and Egnyte specifically) to increase the effectiveness of their phishing campaigns.  We have included similar techniques in a number of recent phishing engagements for clients and have seen a significant increase in the number of […]

Vecrypt v1.19 released and fixes multiple low, medium and critical risk vulnerabilities

The open-source encryption software and successor to Truecrypt Veracrypt has been updated to v1.19 to address vulnerabilities discovered in a recently completed code audit. The update addresses all critical, medium and low-risk vulnerabilities and workarounds have been provided for those vulnerabilities not yet addressed.  The audit was completed against Veracrypt v1.18 and was completed on […]

Hacking a penetration tester

I just finished reading this article titled “Hacking a Penetration Tester” and made a few notes that I thought may be helpful to pass along.  The basic premise of the article is that the author (Wesley McGrew) and his team were conducting a penetration test and found a Meterpreter shell that had been left behind […]