Silently Fixed Unauthorized Command Injection in WAGO PLC Ethernet
http://ift.tt/2wibHGH
Submitted August 01, 2017 at 07:27PM by cbolat
via reddit http://ift.tt/2uSm9Hh
http://ift.tt/2wibHGH
Submitted August 01, 2017 at 07:27PM by cbolat
via reddit http://ift.tt/2uSm9Hh
cbolat.blogspot.co.uk
Silently Fixed Unauthorized Command Injection in WAGO PLC Ethernet
Canberk Bolat, Information Security Researcher
CableTap White Paper - 26 CVEs for exploiting cable modems and set top boxes
http://ift.tt/2vpPNoU
Submitted August 01, 2017 at 10:02PM by but_im_made_of_lava
via reddit http://ift.tt/2f5YduB
http://ift.tt/2vpPNoU
Submitted August 01, 2017 at 10:02PM by but_im_made_of_lava
via reddit http://ift.tt/2f5YduB
GitHub
BastilleResearch/CableTap
CableTap public disclosure documents.
Detection and response platform Helix boosts FireEye's product subnoscription sales to $86 million
http://ift.tt/2uhARnB
Submitted August 02, 2017 at 02:40AM by Madhan58
via reddit http://ift.tt/2vlm1Aw
http://ift.tt/2uhARnB
Submitted August 02, 2017 at 02:40AM by Madhan58
via reddit http://ift.tt/2vlm1Aw
AlphaStreet.com
FEYE - Infographic
AlphaStreet is a complete social ecosystem that significantly reduces the complexity and friction in making investment decisions.
Extract passwords from TeamViewer memory using Frida
http://ift.tt/2u1zH4z
Submitted August 02, 2017 at 03:46AM by vah_13
via reddit http://ift.tt/2uhz1TD
http://ift.tt/2u1zH4z
Submitted August 02, 2017 at 03:46AM by vah_13
via reddit http://ift.tt/2uhz1TD
GitHub
vah13/extractTVpasswords
extractTVpasswords - tool to extract passwords from TeamViewer memory using Frida
Evading Machine Learning Malware Detection
http://ift.tt/2uTtCpj
Submitted August 02, 2017 at 11:37AM by UmamiSalami
via reddit http://ift.tt/2vn2C26
http://ift.tt/2uTtCpj
Submitted August 02, 2017 at 11:37AM by UmamiSalami
via reddit http://ift.tt/2vn2C26
A quick look at an Android RAT named DroidJack. This article describes what it can do and how to detect it. If you're an Android user, you're going to want to read this...
http://ift.tt/2hmDtiP
Submitted August 02, 2017 at 01:16PM by InfoSecJim
via reddit http://ift.tt/2w5eTXa
http://ift.tt/2hmDtiP
Submitted August 02, 2017 at 01:16PM by InfoSecJim
via reddit http://ift.tt/2w5eTXa
Jim Wilbur's Blog
DroidJack- A Look at an Android RAT
A quick look at DroidJack an Android RAT. DroidJack is a RAT that can build and bind Android Packages (APK) for install on any Android device.
A quick look at an Android RAT named DroidJack. This article explains what it can do and how to detect its use. Key take-aways 1. Don't check the allow unknown sources checkbox and 2. Install AV
http://ift.tt/2hmDtiP
Submitted August 02, 2017 at 02:16PM by InfoSecJim
via reddit http://ift.tt/2uiZ1y0
http://ift.tt/2hmDtiP
Submitted August 02, 2017 at 02:16PM by InfoSecJim
via reddit http://ift.tt/2uiZ1y0
Jim Wilbur's Blog
DroidJack- A Look at an Android RAT
A quick look at DroidJack an Android RAT. DroidJack is a RAT that can build and bind Android Packages (APK) for install on any Android device.
Vocabularies to describe Exploit-Kit, adversary groups or threat actors...
http://ift.tt/2tYum9R
Submitted August 02, 2017 at 02:40PM by adulau
via reddit http://ift.tt/2tYTpd6
http://ift.tt/2tYum9R
Submitted August 02, 2017 at 02:40PM by adulau
via reddit http://ift.tt/2tYTpd6
Client-side injection vectors in ReactJS apps: Elements, props, and other good friends
http://ift.tt/2u33ytp
Submitted August 02, 2017 at 03:35PM by berndtzl
via reddit http://ift.tt/2u3hSBP
http://ift.tt/2u33ytp
Submitted August 02, 2017 at 03:35PM by berndtzl
via reddit http://ift.tt/2u3hSBP
Medium
Exploiting Script Injection Flaws in ReactJS Apps
ReactJS is a popular JavaScript library for building user interfaces. It enables client-rendered, “rich” web apps that load entirely…
OnePlus 2 Lack of SBL1 Validation, Broken Secure Boot (CVE-2017-11105)
http://ift.tt/2uSr0YQ
Submitted August 02, 2017 at 07:10PM by dv80
via reddit http://ift.tt/2uYVmY7
http://ift.tt/2uSr0YQ
Submitted August 02, 2017 at 07:10PM by dv80
via reddit http://ift.tt/2uYVmY7
alephsecurity.github.io
CVE-2017-11105
OnePlus 2 Lack of SBL1 Validation Broken Secure Boot
From BlackEnergy to ExPetr
http://ift.tt/2t0g9eL
Submitted August 02, 2017 at 09:59PM by QuirkySpiceBush
via reddit http://ift.tt/2f9njZr
http://ift.tt/2t0g9eL
Submitted August 02, 2017 at 09:59PM by QuirkySpiceBush
via reddit http://ift.tt/2f9njZr
Securelist
From BlackEnergy to ExPetr
To date, nobody has been able to find any significant code sharing between ExPetr/Petya and older malware. Given our love for unsolved mysteries, we jumped right on it. We’d like to think of this ongoing research as an opportunity for an open invitation to…
BEAST: An Explanation of the CBC Padding Oracle Attack on TLS
https://www.youtube.com/watch?v=-_8-2pDFvmg
Submitted August 02, 2017 at 06:36PM by davidw_-
via reddit http://ift.tt/2hoACWE
https://www.youtube.com/watch?v=-_8-2pDFvmg
Submitted August 02, 2017 at 06:36PM by davidw_-
via reddit http://ift.tt/2hoACWE
YouTube
BEAST: An Explanation of the CBC Attack on TLS
This is an explanation of the BEAST attack. For more details, check this blog: http://commandlinefanatic.com/cgi-bin/showarticle.cgi?article=art027
Microsoft didn’t sandbox Windows Defender, so I did
http://ift.tt/2vsAuf8
Submitted August 02, 2017 at 10:13PM by addelindh
via reddit http://ift.tt/2f8WS6e
http://ift.tt/2vsAuf8
Submitted August 02, 2017 at 10:13PM by addelindh
via reddit http://ift.tt/2f8WS6e
Trail of Bits Blog
Microsoft didn’t sandbox Windows Defender, so I did
Microsoft exposed their users to a lot of risks when they released Windows Defender without a sandbox. This surprised me. Sandboxing is one of the most effective security-hardening techniques. Why …
Hunting the Files! Safari local file reader PoC
http://ift.tt/2w4ugPu
Submitted August 03, 2017 at 12:23AM by i_bo0om
via reddit http://ift.tt/2u4HdLZ
http://ift.tt/2w4ugPu
Submitted August 03, 2017 at 12:23AM by i_bo0om
via reddit http://ift.tt/2u4HdLZ
Wallarm
How to use a single download to remotely steal proprietary files from MacOS
by Anton Lopanitsyn (Wallarm Research Team)
DigiCert to Acquire Symantec's Website Security Business
http://ift.tt/2u5pG66
Submitted August 03, 2017 at 02:49AM by 5y5tem5
via reddit http://ift.tt/2ulltqp
http://ift.tt/2u5pG66
Submitted August 03, 2017 at 02:49AM by 5y5tem5
via reddit http://ift.tt/2ulltqp
DigiCert to Acquire Symantec’s Website Security Business and Related PKI Solutions
http://ift.tt/2uXpWDi
Submitted August 03, 2017 at 02:48AM by lurker_mike
via reddit http://ift.tt/2u5oq38
http://ift.tt/2uXpWDi
Submitted August 03, 2017 at 02:48AM by lurker_mike
via reddit http://ift.tt/2u5oq38
HUNT - Data driven web hacking & manual testing (incl. burp ext)
http://ift.tt/2tVCkom
Submitted August 03, 2017 at 04:43AM by QforQ
via reddit http://ift.tt/2vk9E8y
http://ift.tt/2tVCkom
Submitted August 03, 2017 at 04:43AM by QforQ
via reddit http://ift.tt/2vk9E8y
GitHub
bugcrowdlabs/HUNT
Contribute to HUNT development by creating an account on GitHub.
DoS vulnerability in Varnish Cache
http://ift.tt/2u5VO9V
Submitted August 03, 2017 at 06:44AM by svmseric
via reddit http://ift.tt/2faDmX3
http://ift.tt/2u5VO9V
Submitted August 03, 2017 at 06:44AM by svmseric
via reddit http://ift.tt/2faDmX3
reddit
DoS vulnerability in Varnish Cache • r/netsec
1 points and 0 comments so far on reddit
Exploiting Script Injection Flaws in ReactJS Apps
http://ift.tt/2vrkdGd
Submitted August 03, 2017 at 10:34AM by digicat
via reddit http://ift.tt/2vr9TON
http://ift.tt/2vrkdGd
Submitted August 03, 2017 at 10:34AM by digicat
via reddit http://ift.tt/2vr9TON
Medium
Exploiting Script Injection Flaws in ReactJS Apps
ReactJS is a popular JavaScript library for building user interfaces. It enables client-rendered, “rich” web apps that load entirely…
TTP: Bypassing Symantec Email Security.cloud (AKA MessageLabs)
http://ift.tt/2vrqBxd
Submitted August 03, 2017 at 10:26AM by ridingwithnorse
via reddit http://ift.tt/2umnZwr
http://ift.tt/2vrqBxd
Submitted August 03, 2017 at 10:26AM by ridingwithnorse
via reddit http://ift.tt/2umnZwr
Introducing 306 Million Freely Downloadable Pwned Passwords
http://ift.tt/2v1txP1
Submitted August 03, 2017 at 02:39PM by pgl
via reddit http://ift.tt/2wodWbS
http://ift.tt/2v1txP1
Submitted August 03, 2017 at 02:39PM by pgl
via reddit http://ift.tt/2wodWbS
Troy Hunt
Introducing 306 Million Freely Downloadable Pwned Passwords
Edit: The following day, I loaded another set of passwords which has brought this up to 320M. More on why later on. Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which…