(High Level) Overview of EquationGroup toolkit
http://ift.tt/2gCEH71
Submitted October 12, 2017 at 08:02PM by KasperskGB
via reddit http://ift.tt/2ic5Ykk
Steemit
Overview of EquationGroup toolkit — Steemit
Our first set of analyses, as mentioned, is going to be about the EquationGroup malware, due to the vast corpus of… by shadoweye
Equifax, TransUnion websites push fake Flash player in malvertising campaign
http://ift.tt/2i7KViD
Submitted October 13, 2017 at 04:18PM by nyc4life
via reddit http://ift.tt/2yj8kBW
Malwarebytes Labs
Equifax, TransUnion websites push fake Flash player in malvertising campaign
Equifax's website is once again infected, this time with malvertising. Further investigation reveals TransUnion was also targeted.
Security In 5: Episode 89 - Book Review: Secure Enough? by Bryce Austin
http://ift.tt/2ykuZzI
Submitted October 13, 2017 at 06:33PM by BinaryBlog
via reddit http://ift.tt/2ggqHCU
Libsyn
Security In Five Podcast: Episode 89 - Book Review: Secure Enough? by Bryce Austin
In this episode I review the book Secure Enough? 20 Cybersecurity Questions For Business Owners and Executives by Bryce Austin. Amazon Link. Goodreads Link. TCE Strategy, Bryce's Website. ------------------------------------ Website - https://www.binaryblogger.com…
Question for security professionals
Hello. I have been developing an interest in information security as a possible career. One of the things about it that makes me nervous though is the possibility of getting sued and the liability that a security professional would have to their client. So my question is, how do security professionals handle the issue of being liable for any kind of security breach that a client may have? Is there some kind of contract that is signed before the work is done that shows exactly what will be done and as long as the security professional follows that - he/she would not be held liable? Thanks.
Submitted October 13, 2017 at 08:37PM by dmac0505
via reddit http://ift.tt/2i9ZOkG
reddit
Question for security professionals • r/security
HTTP Strict Transport Security, the practical explanation
http://ift.tt/2g7DnIm
Submitted October 12, 2017 at 03:38AM by 0x4ndr3
via reddit http://ift.tt/2gC9nFe
Pentester's life
HTTP Strict Transport Security, the practical explanation
Most people would know that the HSTS HTTP Header tells the browser to not even try the HTTP port, but instead to go straight to HTTPS. But not a lot of people would know the other security feature …
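The upgrade behaviour the article describes can be made concrete with a small model of the browser side. The following is an added example, not code from the linked post: it parses a Strict-Transport-Security header per RFC 6797, keeps a per-host policy cache, and rewrites http:// URLs the way a conforming user agent would. The hostnames and header values are made up; the caveat built in is that a policy is only learned over HTTPS, never from a plain-HTTP response.

```python
"""Simplified model of a browser's HSTS cache and upgrade decision (RFC 6797).

Added illustration, not the original article's code. Hostnames, header values
and the clock are constructed for the demo.
"""
import time
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header_value):
    """Parse Strict-Transport-Security into (max_age, include_subdomains, preload).

    max-age is mandatory; directive names are case-insensitive and the value may
    be quoted. Returns None when the header is unusable.
    """
    max_age, include_sub, preload = None, False, False
    for raw in header_value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return max_age, include_sub, preload


class HstsStore:
    """Minimal 'known HSTS hosts' cache keyed by hostname."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.policies = {}  # host -> (expires_at, include_subdomains)

    def observe(self, host, header_value, over_https=True):
        """Record the policy `host` sent. Ignored unless received over HTTPS;
        max-age=0 deletes an existing entry."""
        if not over_https:
            return
        parsed = parse_hsts(header_value)
        if parsed is None:
            return
        max_age, include_sub, _ = parsed
        if max_age == 0:
            self.policies.pop(host, None)
            return
        self.policies[host] = (self.clock() + max_age, include_sub)

    def must_use_https(self, host):
        """True if `host`, or a parent domain with includeSubDomains, has an
        unexpired policy."""
        now = self.clock()
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.policies.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires_at, include_sub = entry
            if expires_at <= now:
                continue
            if i == 0 or include_sub:
                return True
        return False

    def rewrite(self, url):
        """Return the URL the browser would actually request."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.must_use_https(parts.hostname):
            return url
        netloc = parts.hostname
        if parts.port is not None and parts.port != 80:
            netloc += ":%d" % parts.port  # explicit non-80 port is preserved (RFC 6797 s8.3)
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    store = HstsStore()
    store.observe("example.com", "max-age=31536000; includeSubDomains; preload")
    print(store.rewrite("http://www.example.com/login"))
```

A real browser additionally consults the built-in preload list, which is what the `preload` directive is for; the store above only models dynamically learned policies.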
All you need to know to decrypt PeopleSoft passwords?
http://ift.tt/2wRd93A
Submitted October 13, 2017 at 04:30PM by alexander_polyakov
via reddit http://ift.tt/2gD0bAo
reddit
All you need to know to decrypt PeopleSoft passwords? • r/netsec
Null Byte Poisoning ~ The Magic Byte
http://ift.tt/2yK7L7b
Submitted October 13, 2017 at 09:48PM by Evil1337
via reddit http://ift.tt/2z5hf9c
reddit
Null Byte Poisoning ~ The Magic Byte • r/netsec
Bypassing CSRF tokens with Python’s CGIHTTPServer to exploit SQL injections
http://ift.tt/2ymh63w
Submitted October 13, 2017 at 10:36PM by ju1i3k
via reddit http://ift.tt/2xDL1k0
Cobalt.io
Bypassing CSRF tokens with Python’s CGIHTTPServer to exploit SQL injections
There are ways to configure Burp using macros to bypass CSRF tokens on HTML forms, so we can use Burp Active Scans, Burp Intruder, Burp…
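The loop a Burp macro (or the article's CGI proxy in front of sqlmap) automates is: fetch the form, pull out the current anti-CSRF token, replay the attacker-controlled request with that token attached. As an added example, not the Cobalt.io article's code, the block below implements that loop in Python and serves a constructed single-use-token form on localhost so the round trip runs offline. The field names (`csrf_token`, `q`), the `/search` endpoint and the payload are made up.

```python
"""Fetch-token-then-submit against a CSRF-protected form (added illustration).

The target served by _DemoApp is constructed for the demo: a one-time token per
GET, rejected on reuse, which is exactly why a scanner needs a fresh fetch
before every request.
"""
import secrets
import threading
from html.parser import HTMLParser
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode
from urllib.request import Request, urlopen


class HiddenFieldParser(HTMLParser):
    """Collect <input type=hidden name=... value=...> pairs from a form page."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""


def extract_hidden_fields(html):
    p = HiddenFieldParser()
    p.feed(html)
    return p.fields


def build_post_body(hidden_fields, user_fields):
    """Merge freshly fetched hidden fields (token included) with our own values."""
    body = dict(hidden_fields)
    body.update(user_fields)
    return urlencode(body).encode()


class _DemoApp(BaseHTTPRequestHandler):
    """Constructed target: single-use CSRF token issued on GET, checked on POST."""
    tokens = set()
    last_search = None

    def do_GET(self):
        tok = secrets.token_hex(8)
        type(self).tokens.add(tok)
        self._reply(200, '<form method="post" action="/search">'
                         '<input type="hidden" name="csrf_token" value="%s">'
                         '<input name="q"></form>' % tok)

    def do_POST(self):
        form = parse_qs(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode())
        tok = form.get("csrf_token", [""])[0]
        if tok not in type(self).tokens:
            self._reply(403, "bad csrf token")
            return
        type(self).tokens.discard(tok)  # single use
        type(self).last_search = form.get("q", [""])[0]
        self._reply(200, "ok")

    def _reply(self, status, text):
        data = text.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def submit_with_fresh_token(base_url, payload):
    """One proxy iteration: GET the form, extract the token, POST the payload."""
    with urlopen(base_url + "/search") as r:
        hidden = extract_hidden_fields(r.read().decode())
    body = build_post_body(hidden, {"q": payload})
    with urlopen(Request(base_url + "/search", data=body, method="POST")) as r:
        return r.status, r.read().decode()


def run_demo(payload="' OR '1'='1"):
    """Start the constructed target on an ephemeral port and push one payload through."""
    server = HTTPServer(("127.0.0.1", 0), _DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return submit_with_fresh_token("http://127.0.0.1:%d" % server.server_address[1], payload)
    finally:
        server.shutdown()


if __name__ == "__main__":
    print(run_demo())
```

In practice `submit_with_fresh_token` is what sits behind the local endpoint the scanner is pointed at: the scanner sees a plain parameter, and the proxy handles the token dance on every request, which is also why session cookies have to be carried between the GET and the POST when the token is bound to the session.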
Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11238)
http://ift.tt/2ggzEvX
Submitted October 13, 2017 at 11:48PM by overflowingInt
via reddit http://ift.tt/2z6sU7t
NickstaDB
Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11238)
During my research into the Java Remote Method Invocation (RMI) protocol, the most common RMI service that I came across was Adobe ColdFusion’s Flex integration service which is used to suppo…
Five Minute Guide to Software Security
http://ift.tt/2ymwwF6
Submitted October 14, 2017 at 12:47AM by OneUpSecurity
via reddit http://ift.tt/2xDWtwh
Oneupsecurity
Learn To Develop Secure Software
Education is the best way to mitigate security breaches. Security is not only a business decision, but also a moral decision. Always seek advice from an experienced security professional.
CREST CCT STUDY GROUP
http://ift.tt/2g98fZj
Submitted October 14, 2017 at 02:35AM by johnsmithe99
via reddit http://ift.tt/2gggwy6
SC(A)Make - cmake auto-execution is bad
http://ift.tt/2xDzMwZ
Submitted October 14, 2017 at 02:34AM by darx0r
via reddit http://ift.tt/2yndgHO
GitHub
darx0r/SC-A-Make
SC-A-Make - CMake auto-execution is bad
Choosing your SSO strategy and toolset
http://ift.tt/2gDPspi
Submitted October 14, 2017 at 03:08AM by shoelaa
via reddit http://ift.tt/2z7tCRQ
mabl
How To Integrate SSO Into Your Application - mabl
If you're a modern developer and you don't already have SSO implemented for your application, you really should. If you're using it...
Equifax rival TransUnion also sends site visitors to malicious pages
http://ift.tt/2gz7TLZ
Submitted October 14, 2017 at 04:16AM by RandomCollection
via reddit http://ift.tt/2gEdBw0
Ars Technica
Equifax rival TransUnion also sends site visitors to malicious pages
People visiting TransUnion’s Central American site redirected to potpourri of badness.
Chrome Extension Uses Your Gmail to Register Domain Names & Injects Coinhive
http://ift.tt/2yIUKus
Submitted October 14, 2017 at 09:41AM by stevewatson301
via reddit http://ift.tt/2yg6eoC
BleepingComputer
Chrome Extension Uses Your Gmail to Register Domain Names & Injects Coinhive
A malicious Chrome extension is being used to inject the CoinHive browser miner, while registering domains for the extension developer using the victim's Gmail address.
My first Burp Suite extension
http://ift.tt/2gbdeZe
Submitted October 14, 2017 at 11:12AM by stackcrash
via reddit http://ift.tt/2yoy6qj
StackCrash
My first Burp Suite extension
Introduction I recently had a career change from the defensive side of security to the offensive, which means a whole new set of skills to develop. For those who are not familiar, Burp Suite is a security tool for testing web applications. A great thing about…
Awesome hacking resources
Please contribute your resources to help others get better
http://ift.tt/2kMh14B
Submitted October 14, 2017 at 11:01AM by vitalysim
via reddit http://ift.tt/2hGefcc
GitHub
vitalysim/Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better! - vitalysim/Awesome-Hacking-Resources
Someone Created a Tor Hidden Service to Phish my Tor Hidden Service
http://ift.tt/2gCiV2V
Submitted October 14, 2017 at 01:56PM by grepnork
via reddit http://ift.tt/2ynBUHM
reddit
Someone Created a Tor Hidden Service to Phish my Tor... • r/netsec
Flaw in Infineon TPM firmware led to generation of weak keys
http://ift.tt/2y7h7cj
Submitted October 14, 2017 at 05:59PM by Natanael_L
via reddit http://ift.tt/2ynVW51
Microsoft
Security guidance articles
Multiple Vulnerabilities on Airtame Device (Before Version 3)
http://ift.tt/2ykXpaR
Submitted October 14, 2017 at 09:13PM by utku1337
via reddit http://ift.tt/2ibFfnO
Utkusen
Multiple Vulnerabilities on Airtame Device (Before Version 3)
TL;DR I found the following vulnerabilities on the Airtame Device (before version 3): session fixation, firmware updates delivered over HTTP, and use of a weak cryptographic hash.
TrustedID sends new password cleartext in email
It was bad enough that Equifax's poor security compromised so much sensitive data. Then, TrustedID took nearly two weeks to fix their website so that I could complete the registration process. Now, on top of all those errors, when my spouse could not create a new password on the TrustedID website and asked support for help, they sent a new password in cleartext, with her username, in an email message! I'm incredulous. I would think that they would be so sensitive to computer security that they would take breaches seriously.
Submitted October 14, 2017 at 11:33PM by lsitongia
via reddit http://ift.tt/2gF6W4M
reddit
TrustedID sends new password cleartext in email • r/security