Website Security - Managed Security Service
http://ift.tt/2z5Agbr
Submitted October 13, 2017 at 01:49PM by mounikacomodo
via reddit http://ift.tt/2gCCuZg
http://ift.tt/2z5Agbr
Submitted October 13, 2017 at 01:49PM by mounikacomodo
via reddit http://ift.tt/2gCCuZg
Comodo
Website Security - Managed Security Service | cWatch
Comodo cWatch website security is a managed security service operating in a Security as a Service model. It provides protection from website security threats.
Exploding Git Repositories
http://ift.tt/2yb3uJl
Submitted October 13, 2017 at 04:24PM by speckz
via reddit http://ift.tt/2wS4VYY
http://ift.tt/2yb3uJl
Submitted October 13, 2017 at 04:24PM by speckz
via reddit http://ift.tt/2wS4VYY
kate.io
Git Bomb: Crafting Uncloneable Repos
Creating compact repos that can't be cloned.
MSc Information Security research project ideas
Firstly, apologies if you have seen this message in multiple places. I have post across a number of similar subreddits.Over the coming weeks/months I will be conducting a research project (around 15-20k words) to conclude my information security masters. At present I have a few high-level ideas of subjects that interest me, mainly surrounding either cyber/info sec risk management or cyber crime. I don’t however know how I could build on them to the depth of 15k+ words and what exact hypothesis/avenue to take. I have quite thoroughly browsed pages such as this and popular blogs, but am still lacking that direction I need. Below are a few ideas, I would welcome any further suggestions or expansions. Please note, I do not have a strong technical background. Thanks!The idea that cyber risk management needs to move away from a compliance based approach (such as outdated frameworks and ‘un-agile’ working) to a more pro-active approach (that approach I am not entirely sure on!)The need for risk management to become automated e.g. dashboards and real-time metrics to allow an enterprise level understanding of threats and risks. Meaningful data and information, rather than bloated ‘paper based’ inefficiency.The motivation behind young people becoming cyber criminals (although this may be more of a criminology / psychology subject rather than info sec)The idea that cyber crime is undermining the digital economy (erosion of trust in, and growing fear of, digital technology)Understanding your supply chain and the complex connectivityBlockchains potential impact on security & privacy (however my limited technical knowledge may be an issue)
Submitted October 13, 2017 at 02:37AM by boinggggg
via reddit http://ift.tt/2ibs9XT
Firstly, apologies if you have seen this message in multiple places. I have post across a number of similar subreddits.Over the coming weeks/months I will be conducting a research project (around 15-20k words) to conclude my information security masters. At present I have a few high-level ideas of subjects that interest me, mainly surrounding either cyber/info sec risk management or cyber crime. I don’t however know how I could build on them to the depth of 15k+ words and what exact hypothesis/avenue to take. I have quite thoroughly browsed pages such as this and popular blogs, but am still lacking that direction I need. Below are a few ideas, I would welcome any further suggestions or expansions. Please note, I do not have a strong technical background. Thanks!The idea that cyber risk management needs to move away from a compliance based approach (such as outdated frameworks and ‘un-agile’ working) to a more pro-active approach (that approach I am not entirely sure on!)The need for risk management to become automated e.g. dashboards and real-time metrics to allow an enterprise level understanding of threats and risks. Meaningful data and information, rather than bloated ‘paper based’ inefficiency.The motivation behind young people becoming cyber criminals (although this may be more of a criminology / psychology subject rather than info sec)The idea that cyber crime is undermining the digital economy (erosion of trust in, and growing fear of, digital technology)Understanding your supply chain and the complex connectivityBlockchains potential impact on security & privacy (however my limited technical knowledge may be an issue)
Submitted October 13, 2017 at 02:37AM by boinggggg
via reddit http://ift.tt/2ibs9XT
reddit
MSc Information Security research project ideas • r/security
Firstly, apologies if you have seen this message in multiple places. I have post across a number of similar subreddits. Over the coming...
(High Level) Overview of EquationGroup toolkit
http://ift.tt/2gCEH71
Submitted October 12, 2017 at 08:02PM by KasperskGB
via reddit http://ift.tt/2ic5Ykk
http://ift.tt/2gCEH71
Submitted October 12, 2017 at 08:02PM by KasperskGB
via reddit http://ift.tt/2ic5Ykk
Steemit
Overview of EquationGroup toolkit — Steemit
Our first set of analyses, as mentioned, is going to be about the EquationGroup malware, due to the vast corprus of… by shadoweye
Equifax, TransUnion websites push fake Flash player in malvertising campaign
http://ift.tt/2i7KViD
Submitted October 13, 2017 at 04:18PM by nyc4life
via reddit http://ift.tt/2yj8kBW
http://ift.tt/2i7KViD
Submitted October 13, 2017 at 04:18PM by nyc4life
via reddit http://ift.tt/2yj8kBW
Malwarebytes Labs
Equifax, TransUnion websites push fake Flash player in malvertising campaign
Equifax's website is once again infected, this time with malvertising. Further investigation reveals TransUnion was also targeted.
Security In 5: Episode 89 - Book Review: Secure Enough? by Bryce Austin
http://ift.tt/2ykuZzI
Submitted October 13, 2017 at 06:33PM by BinaryBlog
via reddit http://ift.tt/2ggqHCU
http://ift.tt/2ykuZzI
Submitted October 13, 2017 at 06:33PM by BinaryBlog
via reddit http://ift.tt/2ggqHCU
Libsyn
Security In Five Podcast: Episode 89 - Book Review: Secure Enough? by Bryce Austin
This episode I review the book Secure Enough? 20 Cybersecurity Questions For Business Owners and Executives by Bryce Austin. Amazon Link. Goodreads Link. TCE Strategy, Bryce's Website. ------------------------------------ Website - https://www.binaryblogger.com…
Question for security professionals
Hello. I have been developing an interest in information security as a possible career. One of the things about it that makes me nervous though is the possibility of getting sued and the liability that a security professional would have to their client. So my question is, how do security professionals handle the issue of being liable for any kind of security breach that a client may have? Is there some kind of contract that is signed before the work is done that shows exactly what will be done and as long as the security professional follows that - he/she would not be held liable? Thanks.
Submitted October 13, 2017 at 08:37PM by dmac0505
via reddit http://ift.tt/2i9ZOkG
Hello. I have been developing an interest in information security as a possible career. One of the things about it that makes me nervous though is the possibility of getting sued and the liability that a security professional would have to their client. So my question is, how do security professionals handle the issue of being liable for any kind of security breach that a client may have? Is there some kind of contract that is signed before the work is done that shows exactly what will be done and as long as the security professional follows that - he/she would not be held liable? Thanks.
Submitted October 13, 2017 at 08:37PM by dmac0505
via reddit http://ift.tt/2i9ZOkG
reddit
Question for security professionals • r/security
Hello. I have been developing an interest in information security as a possible career. One of the things about it that makes me nervous though is...
HTTP Strict Transport Security, the practical explanation
http://ift.tt/2g7DnIm
Submitted October 12, 2017 at 03:38AM by 0x4ndr3
via reddit http://ift.tt/2gC9nFe
http://ift.tt/2g7DnIm
Submitted October 12, 2017 at 03:38AM by 0x4ndr3
via reddit http://ift.tt/2gC9nFe
Pentester's life
HTTP Strict Transport Security, the practical explanation
Most people would know that the HSTS HTTP Header tells the browser to not even try the HTTP port, but instead to go straight to HTTPS. But not a lot of people would know the other security feature …
All you need to know to decrypt PeopleSoft passwords?
http://ift.tt/2wRd93A
Submitted October 13, 2017 at 04:30PM by alexander_polyakov
via reddit http://ift.tt/2gD0bAo
http://ift.tt/2wRd93A
Submitted October 13, 2017 at 04:30PM by alexander_polyakov
via reddit http://ift.tt/2gD0bAo
reddit
All you need to know to decrypt PeopleSoft passwords? • r/netsec
1 points and 0 comments so far on reddit
Null Byte Poisoning ~ The Magic Byte
http://ift.tt/2yK7L7b
Submitted October 13, 2017 at 09:48PM by Evil1337
via reddit http://ift.tt/2z5hf9c
http://ift.tt/2yK7L7b
Submitted October 13, 2017 at 09:48PM by Evil1337
via reddit http://ift.tt/2z5hf9c
reddit
Null Byte Poisoning ~ The Magic Byte • r/netsec
1 points and 0 comments so far on reddit
Bypassing CSRF tokens with Python’s CGIHTTPServer to exploit SQL injections
http://ift.tt/2ymh63w
Submitted October 13, 2017 at 10:36PM by ju1i3k
via reddit http://ift.tt/2xDL1k0
http://ift.tt/2ymh63w
Submitted October 13, 2017 at 10:36PM by ju1i3k
via reddit http://ift.tt/2xDL1k0
Cobalt.io
Bypassing CSRF tokens with Python’s CGIHTTPServer to exploit SQL injections
There are ways to configure Burp using macros to bypass CSRF tokens on HTML forms, so we can use Burp Active Scans, Burp Intruder, Burp…
Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11238)
http://ift.tt/2ggzEvX
Submitted October 13, 2017 at 11:48PM by overflowingInt
via reddit http://ift.tt/2z6sU7t
http://ift.tt/2ggzEvX
Submitted October 13, 2017 at 11:48PM by overflowingInt
via reddit http://ift.tt/2z6sU7t
NickstaDB
Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11238)
During my research into the Java Remote Method Invocation (RMI) protocol, the most common RMI service that I came across was Adobe ColdFusion’s Flex integration service which is used to suppo…
Five Minute Guide to Software Security
http://ift.tt/2ymwwF6
Submitted October 14, 2017 at 12:47AM by OneUpSecurity
via reddit http://ift.tt/2xDWtwh
http://ift.tt/2ymwwF6
Submitted October 14, 2017 at 12:47AM by OneUpSecurity
via reddit http://ift.tt/2xDWtwh
Oneupsecurity
Learn To Develop Secure Software
Education is the best way to mitigate security breaches. Security is not only a business decision, but also a moral decision. Always seek advice from an experienced security professional.
CREST CCT STUDY GROUP
http://ift.tt/2g98fZj
Submitted October 14, 2017 at 02:35AM by johnsmithe99
via reddit http://ift.tt/2gggwy6
http://ift.tt/2g98fZj
Submitted October 14, 2017 at 02:35AM by johnsmithe99
via reddit http://ift.tt/2gggwy6
SC(A)Make - cmake auto-execution is bad
http://ift.tt/2xDzMwZ
Submitted October 14, 2017 at 02:34AM by darx0r
via reddit http://ift.tt/2yndgHO
http://ift.tt/2xDzMwZ
Submitted October 14, 2017 at 02:34AM by darx0r
via reddit http://ift.tt/2yndgHO
GitHub
darx0r/SC-A-Make
SC-A-Make - CMake auto-execution is bad
Choosing your SSO strategy and toolset
http://ift.tt/2gDPspi
Submitted October 14, 2017 at 03:08AM by shoelaa
via reddit http://ift.tt/2z7tCRQ
http://ift.tt/2gDPspi
Submitted October 14, 2017 at 03:08AM by shoelaa
via reddit http://ift.tt/2z7tCRQ
mabl
How To Integrate SSO Into Your Applicaiton - mabl
If you're a modern developer and you don't already have SSO implemented for your application, you really should. If you're using it...
Equifax rival TransUnion also sends site visitors to malicious pages
http://ift.tt/2gz7TLZ
Submitted October 14, 2017 at 04:16AM by RandomCollection
via reddit http://ift.tt/2gEdBw0
http://ift.tt/2gz7TLZ
Submitted October 14, 2017 at 04:16AM by RandomCollection
via reddit http://ift.tt/2gEdBw0
Ars Technica
Equifax rival TransUnion also sends site visitors to malicious pages
People visiting TransUnion’s Central American site redirected to potpourri of badness.
Chrome Extension Uses Your Gmail to Register Domains Names & Injects Coinhive
http://ift.tt/2yIUKus
Submitted October 14, 2017 at 09:41AM by stevewatson301
via reddit http://ift.tt/2yg6eoC
http://ift.tt/2yIUKus
Submitted October 14, 2017 at 09:41AM by stevewatson301
via reddit http://ift.tt/2yg6eoC
BleepingComputer
Chrome Extension Uses Your Gmail to Register Domains Names & Injects Coinhive
A malicious Chrome extension is being used to inject the CoinHive browser miner, while registering domains for the extension developer using the victim's Gmail address.
My first Burp Suite extension
http://ift.tt/2gbdeZe
Submitted October 14, 2017 at 11:12AM by stackcrash
via reddit http://ift.tt/2yoy6qj
http://ift.tt/2gbdeZe
Submitted October 14, 2017 at 11:12AM by stackcrash
via reddit http://ift.tt/2yoy6qj
StackCrash
My first Burp Suite extension
Introduction I recently had a career change from the defensive side of security to the offensive which means a whole knew set of skills to develop. For those who are not familiar Burp Suite is a security tool for testing web applications. A great thing about…
Awesome hacking resources
Please contribute your resources to help others get betterhttp://ift.tt/2kMh14B
Submitted October 14, 2017 at 11:01AM by vitalysim
via reddit http://ift.tt/2hGefcc
Please contribute your resources to help others get betterhttp://ift.tt/2kMh14B
Submitted October 14, 2017 at 11:01AM by vitalysim
via reddit http://ift.tt/2hGefcc
GitHub
vitalysim/Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better! - vitalysim/Awesome-Hacking-Resources
Someone Created a Tor Hidden Service to Phish my Tor Hidden Service
http://ift.tt/2gCiV2V
Submitted October 14, 2017 at 01:56PM by grepnork
via reddit http://ift.tt/2ynBUHM
http://ift.tt/2gCiV2V
Submitted October 14, 2017 at 01:56PM by grepnork
via reddit http://ift.tt/2ynBUHM
reddit
Someone Created a Tor Hidden Service to Phish my Tor... • r/netsec
1 points and 0 comments so far on reddit