Security Now 631 Private Contact Discovery | TWiT.TV
http://ift.tt/2yoBjXG
Submitted October 05, 2017 at 03:44AM by dmp1ce
via reddit http://ift.tt/2xV3gmW
http://ift.tt/2yoBjXG
Submitted October 05, 2017 at 03:44AM by dmp1ce
via reddit http://ift.tt/2xV3gmW
TWiT.tv
Security Now 631 Private Contact Discovery | TWiT.TV
This week we discuss some aspects of iOS v11, the emergence of browser hijack cryptocurrency mining, new information about the Equifax hack, Google security research and Gmail impr…
Week 39 in Information Security, 2017
http://ift.tt/2xhcEEm
Submitted October 05, 2017 at 02:46AM by undercomm
via reddit http://ift.tt/2fLc4n8
http://ift.tt/2xhcEEm
Submitted October 05, 2017 at 02:46AM by undercomm
via reddit http://ift.tt/2fLc4n8
Malgregator
InfoSec Week 39, 2017
Security researcher Gal Beniamini from Google has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other...
Larry Ellison On Cyber Attacks: 'It's A War -- And We're Losing This Cyberwar'
http://ift.tt/2yISejR
Submitted October 05, 2017 at 05:07AM by SecurityTrust
via reddit http://ift.tt/2yYU2Gk
http://ift.tt/2yISejR
Submitted October 05, 2017 at 05:07AM by SecurityTrust
via reddit http://ift.tt/2yYU2Gk
Forbes
Larry Ellison On Cyber Attacks: 'It's A War -- And We're Losing This Cyberwar'
"We are losing this cyberwar," Oracle chairman Larry Ellison said last night in a keynote at his company's annual OpenWorld customer conference. "And make no mistake--this is a war." Ellison outlined the huge shift in priorities that business executives must…
Are Google Cloud Instances completely backdoored from their initial launch?
I am testing out GCP at the moment and am impressed with their slick interface.I was initially amazed and then terrified to learn that with the click of a single button from within my GCP console... without ever uploading a private key of the public key that I supposedly secured my instance with then I launched... that I could login to an SSH session in my browser and get root within seconds!I know it's because I'm using a google-created debian operating system... but that seems really fucked up imho.I come from Amazon EC2 originally where they were always very strong to remind you that "if you lose your private key, we can't get into the server for you".So it's a little off putting to see that with the click of a button pretty much any google employee could just go looking around my instance?Am I crazy and is this just a really popular feature of their platform which is completely secure?I have to admit, it seems awesome to securely login to an ssh session with the click of a button in a browser... it's just a big too much magic for my liking.I like things simple, that's why I like debian.
Submitted October 05, 2017 at 07:35AM by archlinuxQuestions
via reddit http://ift.tt/2fRYhiu
I am testing out GCP at the moment and am impressed with their slick interface.I was initially amazed and then terrified to learn that with the click of a single button from within my GCP console... without ever uploading a private key of the public key that I supposedly secured my instance with then I launched... that I could login to an SSH session in my browser and get root within seconds!I know it's because I'm using a google-created debian operating system... but that seems really fucked up imho.I come from Amazon EC2 originally where they were always very strong to remind you that "if you lose your private key, we can't get into the server for you".So it's a little off putting to see that with the click of a button pretty much any google employee could just go looking around my instance?Am I crazy and is this just a really popular feature of their platform which is completely secure?I have to admit, it seems awesome to securely login to an ssh session with the click of a button in a browser... it's just a big too much magic for my liking.I like things simple, that's why I like debian.
Submitted October 05, 2017 at 07:35AM by archlinuxQuestions
via reddit http://ift.tt/2fRYhiu
reddit
Are Google Cloud Instances completely backdoored from... • r/security
I am testing out GCP at the moment and am impressed with their slick interface. I was initially amazed and then terrified to learn that with the...
Hello Redditor Security Pro's :-) I made a website that links to a lot of IT security documentation in one place. We also have a ton of original content. Is it helpful for you? I'd love to know your thoughts before I sink more time and money into it.
http://ift.tt/2xNeUTK
Submitted October 05, 2017 at 09:53AM by paperboy-
via reddit http://ift.tt/2y1BhUD
http://ift.tt/2xNeUTK
Submitted October 05, 2017 at 09:53AM by paperboy-
via reddit http://ift.tt/2y1BhUD
Securitydocs
SecurityDocs
A collection of IT security articles and white papers
OpenSSH 7.6 (2017-10-03): SSH protocol version 1 support has been completely removed, after being compile-time disabled by default since OpenSSH 7.0 (2015-08-11)
http://ift.tt/2fOLmxA
Submitted October 05, 2017 at 12:26PM by Mcnst
via reddit http://ift.tt/2fTODvw
http://ift.tt/2fOLmxA
Submitted October 05, 2017 at 12:26PM by Mcnst
via reddit http://ift.tt/2fTODvw
reddit
OpenSSH 7.6 (2017-10-03): SSH protocol version 1... • r/netsec
5 points and 1 comments so far on reddit
Handpicked Books for Security Professionals
http://ift.tt/2hO7hFE
Submitted October 05, 2017 at 11:36AM by ajinabraham
via reddit http://ift.tt/2yr6dPi
http://ift.tt/2hO7hFE
Submitted October 05, 2017 at 11:36AM by ajinabraham
via reddit http://ift.tt/2yr6dPi
OpSecX
Security Books
At OpSecX, we understand the importance of security education. We believe that books are great resources that provide detailed and in-depth knowledge on a topic and serves as a great reference material. If you are into books, then we recommend the following…
Mattel Aristotle canceled over privacy concerns
http://ift.tt/2gbf1Oq
Submitted October 05, 2017 at 01:39PM by winflare
via reddit http://ift.tt/2xUw01m
http://ift.tt/2gbf1Oq
Submitted October 05, 2017 at 01:39PM by winflare
via reddit http://ift.tt/2xUw01m
Winflare
Mattel Aristotle canceled over privacy concerns - Winflare
Mattel said Wednesday that it will not move forward with plans to sell a kid-focused smart hub after new executives decided it did not “fully align with Mattel’s new technology strategy,” according to a company statement. Children’s health and privacy advocates…
Equifax data breach was due to one person's error says former CEO
http://ift.tt/2xTpLJ4
Submitted October 05, 2017 at 01:31PM by imr2017
via reddit http://ift.tt/2gbf4d4
http://ift.tt/2xTpLJ4
Submitted October 05, 2017 at 01:31PM by imr2017
via reddit http://ift.tt/2gbf4d4
International Business Times UK
Equifax data breach was due to one person's error says former CEO
Former CEO of Equifax blames a security team employee for failing to plug security vulnerability.
[LIVE] ISACA/CERT.LV Conference "Cyberchess 2017" (EU cybersec month)
http://ift.tt/2y1nZaC
Submitted October 05, 2017 at 01:14PM by _Ki_
via reddit http://ift.tt/2fMgf1T
http://ift.tt/2y1nZaC
Submitted October 05, 2017 at 01:14PM by _Ki_
via reddit http://ift.tt/2fMgf1T
CERT.LV - Informācijas Tehnoloģiju drošības incidentu novēršanas institūcija
Cybersecurity conference "Cyberchess 2017"
Cybersecurity conference "Cyberchess 2017" will be held on October 5, 2017 in Riga, Latvia. Topics will cover IoT security, NIS directive, General Data Protection Regulation (GDPR), cybersecurity research and more.
How I could have mass uploaded from every Flickr account
http://ift.tt/2yJeNop
Submitted October 05, 2017 at 01:46PM by albinowax
via reddit http://ift.tt/2wzoV2E
http://ift.tt/2yJeNop
Submitted October 05, 2017 at 01:46PM by albinowax
via reddit http://ift.tt/2wzoV2E
Just Another Hacking blog
How I could have mass uploaded from every Flickr account!
This was one of my first valid security issue on the Yahoo Bug bounty program. I wanted to write about this very specific bug because I haven’t really seen anyone reporting this kind of issue…
NotRuler: Turning Offence into Defence
http://ift.tt/2ylQ1Pn
Submitted October 05, 2017 at 01:41PM by 0xdea
via reddit http://ift.tt/2wzoYLS
http://ift.tt/2ylQ1Pn
Submitted October 05, 2017 at 01:41PM by 0xdea
via reddit http://ift.tt/2wzoYLS
Sensepost
SensePost | Notruler – turning offence into defence
Leaders in Information Security
CSE CybSec ZLAB Malware Analysis Report: APT28 Hospitality malware
http://ift.tt/2yZgGP1
Submitted October 05, 2017 at 02:21PM by MicheeLengronne
via reddit http://ift.tt/2z14MnQ
http://ift.tt/2yZgGP1
Submitted October 05, 2017 at 02:21PM by MicheeLengronne
via reddit http://ift.tt/2z14MnQ
Security Affairs
CSE CybSec ZLAB Malware Analysis Report: APT28 Hospitality malware - Security Affairs
The CSE CybSec Z-Lab Malware Lab analyzed the Hospitality malware used by the Russian APT28 group to target hotels in several European countries.
Contact for Security, Manpower, Facility management services in Delhi NCR
http://ift.tt/2xjdGe4
Submitted October 05, 2017 at 02:34PM by vasundhara923
via reddit http://ift.tt/2yKHXUk
http://ift.tt/2xjdGe4
Submitted October 05, 2017 at 02:34PM by vasundhara923
via reddit http://ift.tt/2yKHXUk
vasundharaenterprises.co.in
Contact for Security, Manpower, Facility management services
Vasundhara Enterprises offers security services, manpower supply services & facility management services in delhi, gurgaon, chandigarh & mohali .
Yahoo Triples Likely Scope of 2013 Hack to 3 Billion Users
http://ift.tt/2kjaWfv
Submitted October 05, 2017 at 02:30PM by GemmaJ123
via reddit http://ift.tt/2xjiZdq
http://ift.tt/2kjaWfv
Submitted October 05, 2017 at 02:30PM by GemmaJ123
via reddit http://ift.tt/2xjiZdq
Bloomberg.com
Yahoo Triples Likely Scope of 2013 Hack to 3 Billion Users
Yahoo, the internet company acquired by Verizon Communications Inc. this year, now believes a 2013 security breach exposed all 3 billion of its users at the time.
Read on the Web: Attackers Redefining Objectives, Approaches
http://ift.tt/2xTIarx
Submitted October 05, 2017 at 06:05PM by MicheeLengronne
via reddit http://ift.tt/2yJqtrs
http://ift.tt/2xTIarx
Submitted October 05, 2017 at 06:05PM by MicheeLengronne
via reddit http://ift.tt/2yJqtrs
Limawi
Read on the Web: Attackers Redefining Objectives, Approaches
Read on the Web: The nature of cyberattacks is changing and increasingly leveraging social media as they take aim at new targets. That’s the consensus of cybersecurity experts discussi...
Security In 5: Episode 83 - The Dangers Of Neglecting Your Wordpress Install
http://ift.tt/2y32SEO
Submitted October 05, 2017 at 06:32PM by BinaryBlog
via reddit http://ift.tt/2fUi54B
http://ift.tt/2y32SEO
Submitted October 05, 2017 at 06:32PM by BinaryBlog
via reddit http://ift.tt/2fUi54B
Libsyn
Security In Five Podcast: Episode 83 - The Dangers Of Neglecting Your Wordpress Install
Wordpress is one of the top blogging platforms. It's freely available, easy to install and a prime target for hackers. Vulnerabilities in the Wordpress core and plugins are found every day. If you do not stay on top of your Wordpress installation you could…
How to Extract HTTP Requests From Packet Captures As cURL Commands
http://ift.tt/2yJvP62
Submitted October 05, 2017 at 08:02PM by dentalfoss
via reddit http://ift.tt/2gddCqI
http://ift.tt/2yJvP62
Submitted October 05, 2017 at 08:02PM by dentalfoss
via reddit http://ift.tt/2gddCqI
GitHub
jullrich/pcap2curl
pcap2curl - Read a packet capture, extract HTTP requests and turn them into cURL commands for replay.
homemade virustotal (opensource)
http://ift.tt/2duqgOe
Submitted October 05, 2017 at 08:33PM by blackout-314
via reddit http://ift.tt/2yrVILw
http://ift.tt/2duqgOe
Submitted October 05, 2017 at 08:33PM by blackout-314
via reddit http://ift.tt/2yrVILw
GitHub
maliceio/malice
malice - VirusTotal Wanna Be - Now with 100% more Hipster
Cyber Threats and Russian Information Warfare – Timely on CyberWar
http://ift.tt/2o7d8aq
Submitted October 05, 2017 at 10:00PM by SecurityTrust
via reddit http://ift.tt/2y2pEfZ
http://ift.tt/2o7d8aq
Submitted October 05, 2017 at 10:00PM by SecurityTrust
via reddit http://ift.tt/2y2pEfZ
Jewish Policy Center
Cyber Threats and Russian Information Warfare – Jewish Policy Center
In his confirmation hearing to be Chairman of the Joint Chiefs of Staff, Gen. Joseph Dunford on July 9, 2015, told the U.S. Senate Armed Services committee that Russia currently poses the greatest global threat to the United States. While many understood…
In Chakra, the amount of memory reserved is unrelated to the amount requested. ZDI researcher does deep dive into the enforcement of bounds checks in native JIT code to explain why.
http://ift.tt/2fNeiCx
Submitted October 05, 2017 at 10:46PM by RedmondSecGnome
via reddit http://ift.tt/2xkblQi
http://ift.tt/2fNeiCx
Submitted October 05, 2017 at 10:46PM by RedmondSecGnome
via reddit http://ift.tt/2xkblQi
Zero Day Initiative
Check it Out: Enforcement of Bounds Checks in Native JIT Code
In my previous post, I described how the history of JavaScript has led to
the mushrooming complexity – and corresponding attack surface – of modern
JavaScript engines. Judging from submissions to the Zero Day Initiative
(ZDI), the JavaScript engine…
the mushrooming complexity – and corresponding attack surface – of modern
JavaScript engines. Judging from submissions to the Zero Day Initiative
(ZDI), the JavaScript engine…