Apache Tomcat Patch for Remote Code Execution
http://ift.tt/2fVyxld
Submitted October 06, 2017 at 07:22AM by securitynewsIO
via reddit http://ift.tt/2y3iRmA
http://ift.tt/2fVyxld
Submitted October 06, 2017 at 07:22AM by securitynewsIO
via reddit http://ift.tt/2y3iRmA
Security News iO
Apache Tomcat Patch for Remote Code Execution | Security News iO
The team at Apache issued a Tomcat patch for important remote code execution vulnerabilities. 70% of webservers were uncovered the past few weeks.
Best Dolphin Security Guards Services Provider Company in Ahmedabad
https://www.youtube.com/watch?v=-oKkU4psAeY&feature=youtu.be
Submitted October 06, 2017 at 10:37AM by dolphinsecurity
via reddit http://ift.tt/2fVBLoQ
https://www.youtube.com/watch?v=-oKkU4psAeY&feature=youtu.be
Submitted October 06, 2017 at 10:37AM by dolphinsecurity
via reddit http://ift.tt/2fVBLoQ
YouTube
Best Dolphin Security Guards Services Provider Company in Ahmedabad
Dolphin Group is the Best Security Guards Services Provider Company in Ahmedabad.
A Question about Replay Attacks
I was reading an article about windows audit policies- Audit Other Account Logon Events here: http://ift.tt/2xlw3UG and one of the features of this policy got my attention, the one that says A replay attack is detected. This event indicates that a Kerberos request was received twice with identical information. This condition could also be caused by network misconfiguration.I know what replay attack is, and how it works. What I want to ask you guys is how a misconfiguration such this can happen? What can you do in your network to send the packets twice and mess with event viewer like this?
Submitted October 06, 2017 at 12:06PM by arsalanjp
via reddit http://ift.tt/2fN7hRW
I was reading an article about windows audit policies- Audit Other Account Logon Events here: http://ift.tt/2xlw3UG and one of the features of this policy got my attention, the one that says A replay attack is detected. This event indicates that a Kerberos request was received twice with identical information. This condition could also be caused by network misconfiguration.I know what replay attack is, and how it works. What I want to ask you guys is how a misconfiguration such this can happen? What can you do in your network to send the packets twice and mess with event viewer like this?
Submitted October 06, 2017 at 12:06PM by arsalanjp
via reddit http://ift.tt/2fN7hRW
Hunting With Active Directory Replication Metadata
http://ift.tt/2fP55tk
Submitted October 06, 2017 at 12:26PM by campuscodi
via reddit http://ift.tt/2y521DF
http://ift.tt/2fP55tk
Submitted October 06, 2017 at 12:26PM by campuscodi
via reddit http://ift.tt/2y521DF
Posts By SpecterOps Team Members
Hunting With Active Directory Replication Metadata
With the recent release of BloodHound’s ACL Attack Path Update as well as the work on Active Directory DACL backdooring by @_wald0 and myself (whitepaper here), I started to investigate ACL-based…
Apache Releases Security Updates for Apache Tomcat
http://ift.tt/2wEs9Rm
Submitted October 06, 2017 at 12:43PM by i-bar
via reddit http://ift.tt/2y50P3a
http://ift.tt/2wEs9Rm
Submitted October 06, 2017 at 12:43PM by i-bar
via reddit http://ift.tt/2y50P3a
www.us-cert.gov
Apache Releases Security Updates for Apache Tomcat | US-CERT
The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected server.
Apple gave Uber's app 'unprecedented' access to a secret backdoor that can record iPhone screens
http://ift.tt/2fO7WTd
Submitted October 06, 2017 at 01:30PM by GemmaJ123
via reddit http://ift.tt/2kpzsM9
http://ift.tt/2fO7WTd
Submitted October 06, 2017 at 01:30PM by GemmaJ123
via reddit http://ift.tt/2kpzsM9
Business Insider
Apple gave Uber's app 'unprecedented' access to a secret backdoor that can record iPhone screens
The existence of Uber's access to special iPhone functions is not disclosed in any consumer-facing information included with its app.
Security Industry | Security Market Research Reports | Online Market Research
http://ift.tt/2y5bc75
Submitted October 06, 2017 at 02:15PM by tinapp1417
via reddit http://ift.tt/2fYtSyN
http://ift.tt/2y5bc75
Submitted October 06, 2017 at 02:15PM by tinapp1417
via reddit http://ift.tt/2fYtSyN
More questions than answers after a third data breach at the NSA is revealed
http://ift.tt/2y5oUqE
Submitted October 06, 2017 at 02:11PM by MicheeLengronne
via reddit http://ift.tt/2fW0hGv
http://ift.tt/2y5oUqE
Submitted October 06, 2017 at 02:11PM by MicheeLengronne
via reddit http://ift.tt/2fW0hGv
CSO Online
More questions than answers after a third data breach at the NSA is revealed
A report in The Wall Street Journal says that hackers working for the Russian government stole sensitive documents from a NSA contractor's home computer. The story goes on to say the contractor was targeted after the files were discovered by Kaspersky's Anti…
Apple Issues Emergency Patch to Fix Password Leak in Disk Encryption Utility
http://ift.tt/2fUBzGo
Submitted October 06, 2017 at 03:57PM by lastagilto
via reddit http://ift.tt/2fU76rS
http://ift.tt/2fUBzGo
Submitted October 06, 2017 at 03:57PM by lastagilto
via reddit http://ift.tt/2fU76rS
BleepingComputer
Apple Issues Emergency Patch to Fix Password Leak in Disk Encryption Utility
Earlier today, Apple has issued an emergency update for macOS High Sierra to address a bug that exposed the passwords of encrypted APFS volumes via the password hint feature.
7 Practices that Make Your Organization Vulnerable to Cyber Attacks
http://ift.tt/2fQP06A
Submitted October 06, 2017 at 05:09PM by Lime_proxies
via reddit http://ift.tt/2yv5MmQ
http://ift.tt/2fQP06A
Submitted October 06, 2017 at 05:09PM by Lime_proxies
via reddit http://ift.tt/2yv5MmQ
Limeproxies
7 Practices that Make Your Organization Vulnerable to Cyber Attacks -
When an attacker penetrates an organization’s computer network and lays hold of institutional or personal data, the effects can be devastating. A company is likely to lose any of the following in the wake of a breach: reputation, time spent dealing.
Official reason behind the Kaspersky ban
http://ift.tt/2fM3KmU
Submitted October 06, 2017 at 05:05PM by ixiss
via reddit http://ift.tt/2ggajPj
http://ift.tt/2fM3KmU
Submitted October 06, 2017 at 05:05PM by ixiss
via reddit http://ift.tt/2ggajPj
NBC News
Hackers stole NSA tools from contractor who used Kaspersky software
Russian hackers were able to identify the material and access the contractor's home machine because he was using Kaspersky software, a former official said.
How we bypassed the Intel Boot Guard :)
http://ift.tt/2geRs7p
Submitted October 06, 2017 at 04:53PM by Embedi
via reddit http://ift.tt/2geT94D
http://ift.tt/2geRs7p
Submitted October 06, 2017 at 04:53PM by Embedi
via reddit http://ift.tt/2geT94D
Embedi
Bypassing Intel Boot Guard
In recent years, there is an increasing attention to the UEFI BIOS security. As a result, there are more advanced technologies created to protect UEFI BIOS from illegal modifications. One of such technologies is Intel Boot Guard (BG) – a hardware-assisted…
Security In 5: Episode 84 - CIS 20 Penetration Tests
http://ift.tt/2y437ze
Submitted October 06, 2017 at 06:32PM by BinaryBlog
via reddit http://ift.tt/2fXC9mR
http://ift.tt/2y437ze
Submitted October 06, 2017 at 06:32PM by BinaryBlog
via reddit http://ift.tt/2fXC9mR
Libsyn
Security In Five Podcast: Episode 84 - CIS 20 Penetration Tests
We conclude the Critical Security Control series with number twenty. Penetration tests. You have all the other controls in place, your teams running with synergy, and you are protected. Now you need to prove it through testing. Actively, and in a controlled…
When Security Features Collide
http://ift.tt/2y5fzyN
Submitted October 06, 2017 at 08:09PM by albinowax
via reddit http://ift.tt/2wBoAw8
http://ift.tt/2y5fzyN
Submitted October 06, 2017 at 08:09PM by albinowax
via reddit http://ift.tt/2wBoAw8
blog.portswigger.net
When Security Features Collide
Layered security mechanisms are forcefully promoted by industry standards such as PCI DSS and (briefly) the OWASP Top 10 . In this post, ...
Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs
http://ift.tt/2ys7cif
Submitted October 06, 2017 at 05:28PM by kindstrom
via reddit http://ift.tt/2fYg5bz
http://ift.tt/2ys7cif
Submitted October 06, 2017 at 05:28PM by kindstrom
via reddit http://ift.tt/2fYg5bz
googleprojectzero.blogspot.co.uk
Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs
Posted by Mateusz Jurczyk of Google Project Zero Patch diffing is a common technique of comparing two binary builds of the same code – ...
Is Your ID/Password model rooted in First Mile or Second Mile Authentication?
http://ift.tt/2fYEZYJ
Submitted October 07, 2017 at 02:23AM by Ricmerrifield
via reddit http://ift.tt/2wChoQx
http://ift.tt/2fYEZYJ
Submitted October 07, 2017 at 02:23AM by Ricmerrifield
via reddit http://ift.tt/2wChoQx
Ric Merrifield
The Dirty Little Secret About Your Authentication: It Probably Starts at Mile 2 - Ric Merrifield
We are all tired of logins and passwords, and the promise of switching to the use of biometrics to replace all of that. The new Apple phone has done a fantastic job of explaining what’s possible for going way beyond the easy to hack fingerprint to the facial…
security.txt
http://ift.tt/2fWIVt2
Submitted October 07, 2017 at 01:18AM by lastagilto
via reddit http://ift.tt/2krbXCp
http://ift.tt/2fWIVt2
Submitted October 07, 2017 at 01:18AM by lastagilto
via reddit http://ift.tt/2krbXCp
reddit
security.txt • r/security
1 points and 0 comments so far on reddit
Join StormWind Studios' 30-Minutes to a Less Vulnerable Network: How to Start or Improve Your Vulnerability Management Program with an author of the CISSP CBK 2018
http://ift.tt/2xnMtqH
Submitted October 07, 2017 at 12:24AM by StormWindStudios
via reddit http://ift.tt/2wCFhHE
http://ift.tt/2xnMtqH
Submitted October 07, 2017 at 12:24AM by StormWindStudios
via reddit http://ift.tt/2wCFhHE
BigMarker.com
30 Minutes To A Less Vulnerable Network
Vulnerability management is an important element of creating a secure networking environment. Join Mike Vasquez, Senior Technical Instructor at StormWind Studios, as we discuss vulnerability management and tools for companies of all sizes. Learn how to make…
iOS 11's Misleading “Off-ish” Setting for Bluetooth and Wi-Fi is Bad for User Security
http://ift.tt/2xkBGT5
Submitted October 07, 2017 at 02:53AM by Irrational86
via reddit http://ift.tt/2hV8jQx
http://ift.tt/2xkBGT5
Submitted October 07, 2017 at 02:53AM by Irrational86
via reddit http://ift.tt/2hV8jQx
Electronic Frontier Foundation
iOS 11’s Misleading “Off-ish” Setting for Bluetooth and Wi-Fi is Bad for User Security
Turning off your Bluetooth and Wi-Fi radios when you’re not using them is good security practice (not to mention good for your battery usage). When you consider Bluetooth’s known vulnerabilities, it’s especially important to make sure your Bluetooth and Wi…
Playbook Walkthrough: Driving End-User Participation With Failed Login Playbooks
http://ift.tt/2fQtfDL
Submitted October 07, 2017 at 03:33AM by abhishekiyer
via reddit http://ift.tt/2xXZjjX
http://ift.tt/2fQtfDL
Submitted October 07, 2017 at 03:33AM by abhishekiyer
via reddit http://ift.tt/2xXZjjX
Demisto
Playbook Walkthrough: Driving End-User Participation With Failed Login Playbooks
Through a failed login example, we illustrates how playbooks can be configured to read end user responses, analyze them, and perform subsequent actions.
ReproNow: Capture and Sync Screen + Network - Can be used for reproducing security bugs and also bug bounty
http://ift.tt/2xRlMPm
Submitted October 07, 2017 at 05:20AM by vinayendratn
via reddit http://ift.tt/2hUiX9S
http://ift.tt/2xRlMPm
Submitted October 07, 2017 at 05:20AM by vinayendratn
via reddit http://ift.tt/2hUiX9S
Medium
Capture Screen + Network = ReproNow
Let’s imagine you are given a task to fix a web bug that is filed by someone. You will have to understand what is the bug, find the…