A quick look at an Android RAT named DroidJack. This article explains what it can do and how to detect its use. Key take-aways 1. Don't check the allow unknown sources checkbox and 2. Install AV
http://ift.tt/2hmDtiP
Submitted August 02, 2017 at 02:16PM by InfoSecJim
via reddit http://ift.tt/2uiZ1y0
http://ift.tt/2hmDtiP
Submitted August 02, 2017 at 02:16PM by InfoSecJim
via reddit http://ift.tt/2uiZ1y0
Jim Wilbur's Blog
DroidJack- A Look at an Android RAT
A quick look at DroidJack an Android RAT. DroidJack is a RAT that can build and bind Android Packages (APK) for install on any Android device.
Vocabularies to describe Exploit-Kit, adversary groups or threat actors...
http://ift.tt/2tYum9R
Submitted August 02, 2017 at 02:40PM by adulau
via reddit http://ift.tt/2tYTpd6
http://ift.tt/2tYum9R
Submitted August 02, 2017 at 02:40PM by adulau
via reddit http://ift.tt/2tYTpd6
Client-side injection vectors in ReactJS apps: Elements, props, and other good friends
http://ift.tt/2u33ytp
Submitted August 02, 2017 at 03:35PM by berndtzl
via reddit http://ift.tt/2u3hSBP
http://ift.tt/2u33ytp
Submitted August 02, 2017 at 03:35PM by berndtzl
via reddit http://ift.tt/2u3hSBP
Medium
Exploiting Script Injection Flaws in ReactJS Apps
ReactJS is a popular JavaScript library for building user interfaces. It enables client-rendered, “rich” web apps that load entirely…
OnePlus 2 Lack of SBL1 Validation, Broken Secure Boot (CVE-2017-11105)
http://ift.tt/2uSr0YQ
Submitted August 02, 2017 at 07:10PM by dv80
via reddit http://ift.tt/2uYVmY7
http://ift.tt/2uSr0YQ
Submitted August 02, 2017 at 07:10PM by dv80
via reddit http://ift.tt/2uYVmY7
alephsecurity.github.io
CVE-2017-11105
OnePlus 2 Lack of SBL1 Validation Broken Secure Boot
From BlackEnergy to ExPetr
http://ift.tt/2t0g9eL
Submitted August 02, 2017 at 09:59PM by QuirkySpiceBush
via reddit http://ift.tt/2f9njZr
http://ift.tt/2t0g9eL
Submitted August 02, 2017 at 09:59PM by QuirkySpiceBush
via reddit http://ift.tt/2f9njZr
Securelist
From BlackEnergy to ExPetr
To date, nobody has been able to find any significant code sharing between ExPetr/Petya and older malware. Given our love for unsolved mysteries, we jumped right on it. We’d like to think of this ongoing research as an opportunity for an open invitation to…
BEAST: An Explanation of the CBC Padding Oracle Attack on TLS
https://www.youtube.com/watch?v=-_8-2pDFvmg
Submitted August 02, 2017 at 06:36PM by davidw_-
via reddit http://ift.tt/2hoACWE
https://www.youtube.com/watch?v=-_8-2pDFvmg
Submitted August 02, 2017 at 06:36PM by davidw_-
via reddit http://ift.tt/2hoACWE
YouTube
BEAST: An Explanation of the CBC Attack on TLS
This is an explanation of the BEAST attack. For more details, check this blog: http://commandlinefanatic.com/cgi-bin/showarticle.cgi?article=art027
Microsoft didn’t sandbox Windows Defender, so I did
http://ift.tt/2vsAuf8
Submitted August 02, 2017 at 10:13PM by addelindh
via reddit http://ift.tt/2f8WS6e
http://ift.tt/2vsAuf8
Submitted August 02, 2017 at 10:13PM by addelindh
via reddit http://ift.tt/2f8WS6e
Trail of Bits Blog
Microsoft didn’t sandbox Windows Defender, so I did
Microsoft exposed their users to a lot of risks when they released Windows Defender without a sandbox. This surprised me. Sandboxing is one of the most effective security-hardening techniques. Why …
Hunting the Files! Safari local file reader PoC
http://ift.tt/2w4ugPu
Submitted August 03, 2017 at 12:23AM by i_bo0om
via reddit http://ift.tt/2u4HdLZ
http://ift.tt/2w4ugPu
Submitted August 03, 2017 at 12:23AM by i_bo0om
via reddit http://ift.tt/2u4HdLZ
Wallarm
How to use a single download to remotely steal proprietary files from MacOS
by Anton Lopanitsyn (Wallarm Research Team)
DigiCert to Acquire Symantec's Website Security Business
http://ift.tt/2u5pG66
Submitted August 03, 2017 at 02:49AM by 5y5tem5
via reddit http://ift.tt/2ulltqp
http://ift.tt/2u5pG66
Submitted August 03, 2017 at 02:49AM by 5y5tem5
via reddit http://ift.tt/2ulltqp
DigiCert to Acquire Symantec’s Website Security Business and Related PKI Solutions
http://ift.tt/2uXpWDi
Submitted August 03, 2017 at 02:48AM by lurker_mike
via reddit http://ift.tt/2u5oq38
http://ift.tt/2uXpWDi
Submitted August 03, 2017 at 02:48AM by lurker_mike
via reddit http://ift.tt/2u5oq38
HUNT - Data driven web hacking & manual testing (incl. burp ext)
http://ift.tt/2tVCkom
Submitted August 03, 2017 at 04:43AM by QforQ
via reddit http://ift.tt/2vk9E8y
http://ift.tt/2tVCkom
Submitted August 03, 2017 at 04:43AM by QforQ
via reddit http://ift.tt/2vk9E8y
GitHub
bugcrowdlabs/HUNT
Contribute to HUNT development by creating an account on GitHub.
DoS vulnerability in Varnish Cache
http://ift.tt/2u5VO9V
Submitted August 03, 2017 at 06:44AM by svmseric
via reddit http://ift.tt/2faDmX3
http://ift.tt/2u5VO9V
Submitted August 03, 2017 at 06:44AM by svmseric
via reddit http://ift.tt/2faDmX3
reddit
DoS vulnerability in Varnish Cache • r/netsec
1 points and 0 comments so far on reddit
Exploiting Script Injection Flaws in ReactJS Apps
http://ift.tt/2vrkdGd
Submitted August 03, 2017 at 10:34AM by digicat
via reddit http://ift.tt/2vr9TON
http://ift.tt/2vrkdGd
Submitted August 03, 2017 at 10:34AM by digicat
via reddit http://ift.tt/2vr9TON
Medium
Exploiting Script Injection Flaws in ReactJS Apps
ReactJS is a popular JavaScript library for building user interfaces. It enables client-rendered, “rich” web apps that load entirely…
TTP: Bypassing Symantec Email Security.cloud (AKA MessageLabs)
http://ift.tt/2vrqBxd
Submitted August 03, 2017 at 10:26AM by ridingwithnorse
via reddit http://ift.tt/2umnZwr
http://ift.tt/2vrqBxd
Submitted August 03, 2017 at 10:26AM by ridingwithnorse
via reddit http://ift.tt/2umnZwr
Introducing 306 Million Freely Downloadable Pwned Passwords
http://ift.tt/2v1txP1
Submitted August 03, 2017 at 02:39PM by pgl
via reddit http://ift.tt/2wodWbS
http://ift.tt/2v1txP1
Submitted August 03, 2017 at 02:39PM by pgl
via reddit http://ift.tt/2wodWbS
Troy Hunt
Introducing 306 Million Freely Downloadable Pwned Passwords
Edit: The following day, I loaded another set of passwords which has brought this up to 320M. More on why later on. Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which…
U.S. Senators introduce IoT bill affecting gov. procurement; good-faith research liability protections.
http://ift.tt/2f5WDZr
Submitted August 03, 2017 at 03:09PM by qsilicon
via reddit http://ift.tt/2womjE5
http://ift.tt/2f5WDZr
Submitted August 03, 2017 at 03:09PM by qsilicon
via reddit http://ift.tt/2womjE5
U.S. Senator Mark R. Warner
Senators Introduce Bipartisan Legislation to Improve Cybersecurity of “Internet-of-Things” (IoT) Devices
Bipartisan bill would establish minimum requirements for Internet-connected devices purchased by the federal government
The hackers behind the WannaCry ransomware attack have finally cashed out
http://ift.tt/2faHS85
Submitted August 03, 2017 at 04:44PM by keeferc
via reddit http://ift.tt/2u79O3a
http://ift.tt/2faHS85
Submitted August 03, 2017 at 04:44PM by keeferc
via reddit http://ift.tt/2u79O3a
Quartz
The hackers behind the WannaCry ransomware attack have finally cashed out
Few expected the money would ever move out of the accounts, as they were surely watched by law-enforcement agencies around the world.
A Collision Too-Perfect - Cheeky executables, both MD5 and SHA1 hashes are equal , different run output [CHALLENGE WRITEUP]
http://ift.tt/2tuXd4J
Submitted August 03, 2017 at 05:20PM by dalmoz
via reddit http://ift.tt/2un5U1i
http://ift.tt/2tuXd4J
Submitted August 03, 2017 at 05:20PM by dalmoz
via reddit http://ift.tt/2un5U1i
Hacker Noon
A Collision Too-Perfect
Cheeky executables, both MD5 and SHA1 hashes are equal , different run output (“Eat more hashes” Challenge Write-Up)
Toolkit for capturing MFA logons
http://ift.tt/2vw40jQ
Submitted August 03, 2017 at 05:15PM by disclosure5
via reddit http://ift.tt/2u6OL0I
http://ift.tt/2vw40jQ
Submitted August 03, 2017 at 05:15PM by disclosure5
via reddit http://ift.tt/2u6OL0I
GitHub
technion/3652fa
3652fa - Office 365 MFA capture toolkit
Write-Up: DEFCON 25 Recon Village OSINT CTF
http://ift.tt/2v2Pzkl
Submitted August 03, 2017 at 10:21PM by himanshudas
via reddit http://ift.tt/2waUBeD
http://ift.tt/2v2Pzkl
Submitted August 03, 2017 at 10:21PM by himanshudas
via reddit http://ift.tt/2waUBeD
www.digitalsecurity.fr
Write-Up: DEFCON 25 Recon Village OSINT CTF | Digital Security
This blogpost is a write-up of some online challenges we managed to solve during the DEFCON 25 Recon Village OSINT CTF.
Researcher Who Stopped WannaCry Ransomware Detained in US After DefCon [MalwareTech]
http://ift.tt/2vtds79
Submitted August 03, 2017 at 10:03PM by setcursorpos
via reddit http://ift.tt/2v2PEEE
http://ift.tt/2vtds79
Submitted August 03, 2017 at 10:03PM by setcursorpos
via reddit http://ift.tt/2v2PEEE
Motherboard
Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
Marcus Hutchins, AKA MalwareTech, previously registered a specific domain included in the ransomware’s code, which stopped the malware from spreading.