The new aLTEr attack can be used against nearly all LTE connected endpoints by intercepting traffic and redirecting it to malicious websites. This article summarizes how the attack works, and suggests ways to protect yourself from it – including a specific approach for Apple iOS devices.

Protecting iOS against the aLTEr attacks | Network World

Most organizations have a firewall that acts as a filter between their sensitive internal networks and the threatening global Internet. DNS tunneling has been around for a while. But it continues to cost companies and has seen hackers invest more time and effort developing tools. A recent study[1] found that DNS attacks in the UK alone have risen 105% in the past year. DNS tunneling is attractive–hackers can get any data in and out of your internal network while bypassing most firewalls. Whether it’s used to command and control (C&C) compromised systems, leak sensitive data outside, or to tunnel inside your closed network, DNS Tunneling poses a substantial risk to your organization. Here’s everything you need to know about the attack, the tools and how to stop it.

How Hackers Use DNS Tunneling to Own Your Network (cynet.com)

Key Points

1. Download and install the latest version of Gpg4win
2. Create a new key pair
3. Look at the advanced settings
4. Export the public key
5. Open the key with notepad
6. Export the secret key
7. Import a public key into Kleaopatra into the imported certificates tab
8. Encrypt with the public of a person
9. Encrypt a file with a public key someone sent you by R-clicking on the file
10. Paste the encrypted data in your clipboard to a notepad document
11. Send the encrypted message to the owner of the public used to encrypt the data.
12. With the encrypted message on the clipboard, R-click the Kleaopatra icon on the system tray and choose decrypt
13. Copy the decrypted message on your clipboard to a new document in notepad.

https://www.youtube.com/watch?v=CEADq-B8KtI

How to Encrypt Email in Kleopatra

https://heimdalsecurity.com/blog/how-to-encrypt-email/

Summary

This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).

This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.

Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system.

Click here for a PDF version of this report.

Top Routinely Exploited Vulnerabilities | CISA

CEH Certified Ethical Hacker Practice Exams, Fourth Edition.pdf

CEHv11 – 312-50v11 ExamTopics Practice Questions.pdf

Capítulo 5 Gestión de identidades y accesos (IAM).pdf

https://www.youtube.com/watch?v=CEADq-B8KtI

MS-101 M365 Mobility and Security – Exam Simulation – all questions.pdf

DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Enumeration | MetaData Harvesting

A tool for DNS Recon, Brute Forcer, Email Enumeration etc. – Bluto > Blog-D without Nonsense (dannyda.com)