XSLT Server Side Injection Attacks
http://ift.tt/2hLEsK3
Submitted October 04, 2017 at 02:29PM by spudd01
via reddit http://ift.tt/2fLjRBx
Context Information Security
XSLT Server Side Injection Attacks | Context Information Security
In this blog post we present a selection of attacks against XSLT to show the risks of using this technology in an insecure way.
An Interview With Purism CEO & Founder Todd Weaver: "Expect More Librem 5 Partnerships In Near Future"
http://ift.tt/2yFZ8Gn
Submitted October 04, 2017 at 04:20PM by casabanclock
via reddit http://ift.tt/2xSTlyl
Fossbytes
An Interview With Purism CEO & Founder Todd Weaver: "Expect More Librem 5 Partnerships In Near Future"
Recently, we chatted with Purism CEO and founder Todd Weaver via email, who shared some details regarding Librem 5 and future plans.
Forwarded from D a n i
Follow this channel for information about bug bounties, resources, write-ups, latest vulnerabilities and much more. Happy hunting! https://news.1rj.ru/str/thebugbountyhunter
Telegram
The Bug Bounty Hunter
Happy hunting!
thebugbountyhunter.com
hello@thebugbountyhunter.com
Another Flip in the Wall of Rowhammer Defenses
http://ift.tt/2xSEeov
Submitted October 04, 2017 at 04:50PM by ranok
via reddit http://ift.tt/2gb2FpA
US Studying Ways To End Use of Social Security Numbers For ID
U.S. officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for millions of Americans. The White House cybersecurity coordinator told a forum at the Washington Post that officials were studying ways to use "modern cryptographic identifiers" to replace social security numbers. His comments come after news that some 145 million Americans may have had personal information leaked, including the important social security numbers, in a breach at Equifax, one of three big US firms which collect data for credit applications. The administration has asked officials from several agencies to come up with ideas for "a better system" which may involve cryptography. This may involve "a public and private key" including something that could be revoked if it has been compromised. Get some more details here
Submitted October 04, 2017 at 05:02PM by karthikaag
via reddit http://ift.tt/2fIZRPJ
YouTube
US Studying Ways To End Use of Social Security Numbers For ID
U.S. officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for mi...
One more week of the Humble Book Bundle: Hacking Reloaded presented by No Starch Press
http://ift.tt/2xBlV8K
Submitted October 04, 2017 at 06:44PM by 13378
via reddit http://ift.tt/2fQOmK1
Humble Bundle
Humble Book Bundle: Hacking Reloaded presented by No Starch Press
Pay what you want for hacking books from No Starch and support charity!
Cybereason/siofra - Automated DLL hijacking vulnerability scanner and PE infector tool
http://ift.tt/2xZWVZv
Submitted October 04, 2017 at 06:40PM by petermal67
via reddit http://ift.tt/2yI4Rvq
GitHub
Cybereason/siofra
Contribute to siofra development by creating an account on GitHub.
Behind the Masq: Yet more DNS, and DHCP, vulnerabilities
http://ift.tt/2x9SLdB
Submitted October 04, 2017 at 07:19PM by TromPete_pete
via reddit http://ift.tt/2fRx67c
Google Online Security Blog
Behind the Masq: Yet more DNS, and DHCP, vulnerabilities
Posted by Fermin J. Serna, Staff Software Engineer, Matt Linton, Senior Security Engineer and Kevin Stadmeyer, Technical Program Manager O...
Security In 5: Episode 82 - CIS 19 Incident Response
http://ift.tt/2xSXu59
Submitted October 04, 2017 at 06:41PM by BinaryBlog
via reddit http://ift.tt/2xYpki4
Libsyn
Security In Five Podcast: Episode 82 - CIS 19 Incident Response
Continuing in the Critical Security Controls we are at number nineteen. Incident Response. Now that you have all the tools, policies and procedures in place what do you do with the alerts? How you respond to an incident is vital and makes your investments…
The Stuxnet of Mobile Malware (for Android)
http://ift.tt/2xV3XwJ
Submitted October 04, 2017 at 08:00PM by Mi3Security
via reddit http://ift.tt/2yq7w0E
VMware Escapology - Researchers from ZDI release Metasploit modules for VMware Escapes
http://ift.tt/2gbnqRQ
Submitted October 04, 2017 at 09:08PM by RedmondSecGnome
via reddit http://ift.tt/2xYOhtD
Zero Day Initiative
VMware Escapology – How to Houdini the Hypervisor
Recently at the DerbyCon conference in Louisville, KY, Jasiel and I
presented “VMware Escapology: How to Houdini The Hypervisor.” My colleague
Abdul-Aziz Hariri has blogged about VMware escapes in the past.
Unfortunately, circumstances prevented Abdul…
Privacy implications of email tracking
http://ift.tt/2fTcYym
Submitted October 04, 2017 at 08:05PM by tamir777
via reddit http://ift.tt/2koeIV2
Micropatching a Hypervisor With Running Virtual Machines (CVE-2017-4924)
http://ift.tt/2xYI15b
Submitted October 04, 2017 at 07:17PM by 0patch
via reddit http://ift.tt/2hN34SP
0patch.blogspot.co.uk
Micropatching a Hypervisor With Running Virtual Machines (CVE-2017-4924)
The Now and the Future of Hypervisor Patching by Luka Treiber and Mitja Kolsek of 0patch Team Introduction Those of you following ou...
Never before seen virus behaviour(?)
So I was looking to download an application called "iso2eboot" but every link I found did not work. So when I went to google it, the first suggestion was "iso2eboot v3 download" and so I clicked it and the first result was "http://ift.tt/2gbFRGl". I entered the website and at first I thought it's one of those websites that have downloads named after the program you're looking for but actually end up giving you a suspicious looking installer with a very generic icon on it. Anyway, the website itself wasn't at all related to the program I was looking for, and I thought it could just be a website that you can upload stuff but it looked like whatever I searched for in that website I would just find a fake upload that is just a virus (VirusTotal says it's clean). So this file I found was a .zip named after the program I'm looking for. I opened it and inside it there was another .zip file (with the same name) instead of another folder (which is most common with archived folders). So I thought it was probably archived twice so that Antiviruses can't detect it. Anyways I extracted the .zip as a folder and the application had a RAR Installer icon. I opened the app and it was some sort of installer and I noticed it said somewhere "Source:" and some long name like "torrentz-something". And I know that what I'm looking for doesn't have ANYTHING to do with torrenting. So I just closed the application, and then shortcuts from my desktop started disappearing. I noticed it was all the Google Chrome shortcuts (Chrome itself and two other website shortcuts with the icons of the websites) and soon after the two website shortcuts were "replaced" by two other shortcuts named exactly the same as the original ones but had an outdated version of the Chrome logo. I can't recall the Chrome browser shortcut being replaced by another one other than the website shortcuts.
My antivirus later found the threat and the shortcuts disappeared, I later checked on Avast and the virus it found was a "component.exe" in my user Temp folder. The taskbar shortcut for Google Chrome was also missing its icon. I tried creating the desktop icon for Chrome again and it said the shortcut already existed. I later chose the option on Windows Explorer to view hidden items and guess what? All my original shortcuts were hidden on my desktop with the appropriate icons, so I moved them to their original position. Was it some sort of hijacker that tried to make me click on the fake browser shortcuts? If so then why would it "hide" the original icons instead of just erase them entirely? I have past experience with web-browser hijackers and none of them worked like that, they all just somehow added a toolbar on your browser. What type of virus this one is, I don't know.
Submitted October 04, 2017 at 10:10PM by Mighty-Pirate
via reddit http://ift.tt/2xZ0zlS
tradownload.biz
Download Iso2eboot v3 files - TraDownload
Here you can download iso2eboot v3 shared files: iso2eboot v2.exe mediafire.com W8T.kms.v3.3.2.exe mega.co.nz 12.39 MB bergi commando 3 frozen hoskow v1 0 3 motorola v3 j2me retail onepda 4Shared free from TraDownload.
Exposing Server IPs Behind CloudFlare
http://ift.tt/2yVTNMg
Submitted October 04, 2017 at 09:41PM by stbernardy
via reddit http://ift.tt/2gbG10p
www.chokepoint.net
Exposing Server IPs Behind CloudFlare
Introduction CloudFlare is a complete solution offering Content Delivery Network (CDN) style capabilities along with Web Application Firewa...
How New Relic Does Security
http://ift.tt/2xRsLbl
Submitted October 04, 2017 at 11:07PM by misterkwon
via reddit http://ift.tt/2fKJ9Qh
Heavybit
The Secure Developer | Ep. #13, How New Relic Does Security | Heavybit
In the latest episode of The Secure Developer, Guy is joined by Shaun Gordon, Chief Security Officer at New Relic. Shaun tells us how he got into a career in security and explains how the role of security has evolved at New Relic.
Uncommon virus behaviour(?)
So I was looking to download an application called "iso2eboot" but every link I found did not work. So when I went to google it, the first suggestion was "iso2eboot v3 download" and so I clicked it and the first result was "http://ift.tt/2gbFRGl". I entered the website and at first I thought it's one of those websites that have downloads named after the program you're looking for but actually end up giving you a suspicious looking installer with a very generic icon on it. Anyway, the website itself wasn't at all related to the program I was looking for. I thought it could just be a file-hosting website, and it probably is but I'm not at all familiar with it (VirusTotal says it's clean). So this file I got from there was a .zip named after the program I'm looking for. I opened it and inside it there was another .zip file (with the same name). So I thought it was probably archived twice so that Antiviruses can't detect it. Anyways I extracted the .zip as a folder and the application had a RAR Installer icon. I opened the app and it was some sort of installer and I noticed it said somewhere 'Source: torrentz' and something like a long URL. And I know that what I'm looking for doesn't have ANYTHING to do with torrenting. So I just closed the application, and then shortcuts from my desktop started disappearing. I noticed it was all the Google Chrome shortcuts (Chrome itself and two other website shortcuts with the icons of the websites) and soon after the shortcuts were "replaced" by other shortcuts named exactly the same as the original ones but had an outdated version of the Chrome logo as an icon. My antivirus later found the threat and the shortcuts disappeared, I later checked on Avast and the virus it found was a "component.exe" in my user Temp folder. The taskbar shortcut for Google Chrome was also missing its icon. I tried creating the desktop icon for Chrome again and it said the shortcut already existed.
I later chose the option on Windows Explorer to view hidden items and guess what? All my original shortcuts were hidden on my desktop with the appropriate icons, so I moved them to their original position. Was it some sort of hijacker that tried to make me click on the fake browser shortcuts? If so then why would it "hide" the original icons instead of just erase them entirely? I have past experience with web-browser hijackers and none of them worked like that, they all just somehow added a toolbar on your browser. What type of virus this one is, I don't know.
Submitted October 04, 2017 at 10:29PM by Mighty-Pirate
via reddit http://ift.tt/2yJ3Enw
tradownload.biz
Download Iso2eboot v3 files - TraDownload
Here you can download iso2eboot v3 shared files: iso2eboot v2.exe mediafire.com W8T.kms.v3.3.2.exe mega.co.nz 12.39 MB bergi commando 3 frozen hoskow v1 0 3 motorola v3 j2me retail onepda 4Shared free from TraDownload.
6 Fresh Horrors From the Equifax CEO's Congressional Hearing
http://ift.tt/2yHAOEg
Submitted October 04, 2017 at 11:23PM by SecurityTrust
via reddit http://ift.tt/2xZxve3
WIRED
6 Fresh Horrors From the Equifax CEO's Congressional Hearing
With each new revelation about the devastating Equifax breach, the company's defenses and response appear increasingly inadequate.
Lay of the Land with BloodHound
http://ift.tt/2kkuMHa
Submitted October 04, 2017 at 11:56PM by tevora-threat
via reddit http://ift.tt/2fRlMYH
Tevora Threat
Lay of the Land with BloodHound
In this blog post, I’ll take you through how to get started with BloodHound and how to use it to map and own Active Directory environments.
VulnScan – Automated triage and root cause analysis of memory corruption issues
http://ift.tt/2g8YpHc
Submitted October 04, 2017 at 10:45PM by hr34vo
via reddit http://ift.tt/2wxYYjQ
Security Research & Defense
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
The Microsoft Security Response Center (MSRC) receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause of these issues. In practice, a significant proportion of…
Automated Opaque Predicate Removal
http://ift.tt/2xT0Dnf
Submitted October 05, 2017 at 01:11AM by plaforce
via reddit http://ift.tt/2fLYtfq
binary.ninja
Binary Ninja > Automated Opaque Predicate Removal
Binary Ninja : A Reverse Engineering Platform