How to do cybersecurity at work
http://ift.tt/2z9JfcF
Submitted October 10, 2017 at 02:40PM by MicheeLengronne
via reddit http://ift.tt/2ycVOFn
Naked Security
How to do cybersecurity at work
This week of National Cybersecurity Awareness Month is about how to do cybersecurity at work – and we mean all of us, not just IT!
The Absurdly Underestimated Dangers of CSV Injection [x-post from /r/programming]
http://ift.tt/2ycgGNp
Submitted October 10, 2017 at 03:53PM by 746865626c617a
via reddit http://ift.tt/2g9trlx
reddit
The Absurdly Underestimated Dangers of CSV Injection... • r/netsec
5 points and 2 comments so far on reddit
The Absurdly Underestimated Dangers of CSV Injection
http://ift.tt/2ycgGNp
Submitted October 10, 2017 at 05:09PM by speckz
via reddit http://ift.tt/2xtUe3j
reddit
The Absurdly Underestimated Dangers of CSV Injection • r/security
1 points and 0 comments so far on reddit
OxygenOS is collecting a lot of personal info about your phone usage
http://ift.tt/2xupdMw
Submitted October 10, 2017 at 05:53PM by Marc66FR
via reddit http://ift.tt/2ydw9wy
reddit
OxygenOS is collecting a lot of personal info about... • r/netsec
16 points and 1 comments so far on reddit
North Korea and Iran Use CodeProject to Develop Their Malware
http://ift.tt/2xwwyq7
Submitted October 10, 2017 at 06:35PM by TheHermon2
via reddit http://ift.tt/2ydNx4e
Intezer
North Korea and Iran Use CodeProject to Develop Their Malware - Intezer
Software developers and malware authors share a desire to work smart, not hard. In the software development world, engineers frequently use ready-made code for various tasks, whether it involves copying a snippet from Stack Overflow, taking a library from…
Security In 5: Episode 86 - OWASP Top 10 Introduction
http://ift.tt/2xwwOFP
Submitted October 10, 2017 at 06:32PM by BinaryBlog
via reddit http://ift.tt/2yWa0jU
Libsyn
Security In Five Podcast: Episode 86 - OWASP Top 10 Introduction
OWASP is the Open Web Application Security Project. A global group set to provide developers and security professionals the tips and best practices in application development. There is more to the OWASP Top 10 than good coding practices. This is an introduction…
Threat Hunting with Sysmon: Word Document with Macros
Wrote an article on how you can detect a typical phishing attack in which a user clicks or downloads a ".doc" word document and enables a macro. This is useful when there's an incident and when we want to gain insight on how a certain malware got to a client's machine. I hope you find it useful in your environment. TLDR; Find users who open ".doc" documents and enable macros and monitor the actions with sysmon.
Submitted October 10, 2017 at 07:18PM by pdelgado
via reddit http://ift.tt/2wLXen8
Syspanda
Threat Hunting with Sysmon: Word Document with Macro - Syspanda
As I’ve stated before, Sysmon is a great tool for gaining insight of what’s running in our systems and what changes are occurring in our endpoints. With that being said,...
RUSSIA blocks again
http://ift.tt/2xvAX1i
Submitted October 10, 2017 at 09:21PM by dimitrirosto
via reddit http://ift.tt/2kDupb4
BleepingComputer
Russia Says It Will Ban Cryptocurrency Exchanges
Sergei Shvetsov, First Deputy Chairman of the Central Bank of Russia, said he plans to ban websites that offer cryptocurrencies inside the country.
iOS Privacy: steal.password - Easily get the user's Apple ID password, just by asking
http://ift.tt/2y6h54D
Submitted October 10, 2017 at 09:06PM by FaxCelestis
via reddit http://ift.tt/2kCvaRM
Felix Krause
iOS Privacy: steal.password - Easily get the user's Apple ID password, just by asking
Do you want the user's Apple ID password, to get access to their Apple
account, or to try the same email/password combination on different web
services? Just ask your users politely, they'll probably just hand over
their credentials, as they're trained…
Proposal For Improving Social Security Numbers
http://ift.tt/2yejVDX
Submitted October 10, 2017 at 10:08PM by eldridgea
via reddit http://ift.tt/2gs3Fpq
Eldridge's Blog
Proposal For Improving Social Security Numbers
In the wake of the Equifax breach there's increasing discussion about making changes to Social Security Numbers. Any changes will need to be discussed and will take a long time to implement, but the discussion is overdue. I doubt that...
Proposal For Improving Social Security Numbers
http://ift.tt/2yejVDX
Submitted October 10, 2017 at 10:21PM by eldridgea
via reddit http://ift.tt/2g024qf
Eldridge's Blog
Proposal For Improving Social Security Numbers
In the wake of the Equifax breach there's increasing discussion about making changes to Social Security Numbers. Any changes will need to be discussed and will take a long time to implement, but the discussion is overdue. I doubt that...
Implement Ethereum token trading front-run in 150 lines of Python
http://ift.tt/2y7yF88
Submitted October 10, 2017 at 09:51PM by loken17
via reddit http://ift.tt/2ycN02S
Medium
Front-running Bancor in 150 lines of Python with Ethereum API
This post is a deep-dive into a game-theoretic security flaw in Bancor, a high-profile smart contract on the Ethereum blockchain. The full…
Tracking a stolen code-signing certificate with osquery
http://ift.tt/2fZRgsh
Submitted October 10, 2017 at 11:46PM by Fristle
via reddit http://ift.tt/2g06Qnr
Trail of Bits Blog
Tracking a stolen code-signing certificate with osquery
Recently, 2.27 million computers running Windows were infected with malware signed with a stolen certificate from the creators of a popular app called CCleaner, and inserted into its software updat…
Intro To Measuring, Assessing And Mitigating Security Risk
http://ift.tt/2g7ZFNS
Submitted October 11, 2017 at 12:00AM by Uminekoshi
via reddit http://ift.tt/2yDWF3h
Nehemiah Security
Intro to Measuring, Assessing and Mitigating Security Risk - Nehemiah Security
The holy grail for cyber is to measure and communicate risk in financial terms and come up with a mitigation plan that works for security professionals, all while speaking to the CEO, CFO and the board. The good news is that the basic formula for figuring…
Leveraging mobile for phishing key information is on the rise. Learn about attack vectors and mitigations.
http://ift.tt/2y9bUOD
Submitted October 10, 2017 at 11:26PM by Mi3Security
via reddit http://ift.tt/2yWdLWn
Mi3 Security
Mobile Phishing attacks on the rise
The rising trend in phishing attacks across email and websites is spilling
over to mobile applications. Learn about the attack vectors and how to
mitigate.
StackRox database security on Docker
http://ift.tt/2gaGByJ
Submitted October 10, 2017 at 11:09PM by nslater
via reddit http://ift.tt/2yddmSi
CrateDB
StackRox database security on Docker - CrateDB
How we deployed StackRox to harden database security on our public Docker container cluster running the CrateDB database.
A Bug Has No Name: Multiple Heap Buffer Overflows In the Windows DNS Client
http://ift.tt/2kCTram
Submitted October 11, 2017 at 12:28AM by ryanaraine
via reddit http://ift.tt/2xwUJ7Z
Bishop Fox
A Bug Has No Name: Multiple Heap Buffer Overflows In the Windows DNS Client - Bishop Fox
Introduction: CVE-2017-11779, fixed by Microsoft in October of 2017, covers multiple memory corruption vulnerabilities in the Windows DNS client. The issues affect computers running Windows 8/Server 2012 or later, and can be triggered by a malicious DNS response.…
Used Outlook's S/MIME feature in the past 6 months? Your mails were probably not sent encrypted
http://ift.tt/2wLMQM6
Submitted October 11, 2017 at 12:39AM by kafbas
via reddit http://ift.tt/2yeLDAj
A tale of love, betrayal, social engineering and Whatsapp | Robert Heaton
http://ift.tt/2yWV4li
Submitted October 11, 2017 at 01:17AM by funnybong
via reddit http://ift.tt/2yewUFj
Robert Heaton
A tale of love, betrayal, social engineering and Whatsapp | Robert Heaton
You are fed up with your dear friend and bitter rival, Steve Steveington. He claims to have no idea how all your D&D characters came to be renamed “Sir Doofus McGoofus <obscene drawing...
Changes in Password Best Practices
http://ift.tt/2yW2aXx
Submitted October 11, 2017 at 01:23AM by speckz
via reddit http://ift.tt/2fZyDoa
reddit
Changes in Password Best Practices • r/security
1 points and 0 comments so far on reddit
Macro-less Code Exec in MSWord
http://ift.tt/2i1kdZ7
Submitted October 11, 2017 at 02:26AM by 0x4a616e
via reddit http://ift.tt/2gazczl
Sensepost
SensePost | Macro-less code exec in msword
Leaders in Information Security