Technical analysis on IoTroop (a.k.a IoT_Reaper) + some follow up on C2 I/S
http://ift.tt/2gTosFW
Submitted October 29, 2017 at 06:31PM by _marklech_
via reddit http://ift.tt/2zR5e7N
http://ift.tt/2gTosFW
Submitted October 29, 2017 at 06:31PM by _marklech_
via reddit http://ift.tt/2zR5e7N
Check Point Research
IoTroop Botnet: The Full Investigation - Check Point Research
Last week, thanks to the Check Point web sensor network, our researchers discovered a new and massive IoT Botnet, ‘IoTroop’. Due to the urgency of this discovery, we quickly published our initial findings in order to alert the cyber security community. Since…
Assessing the threat the Reaper botnet poses to the Internetâwhat we know now
http://ift.tt/2zKPvHj
Submitted October 30, 2017 at 04:15PM by NISMO1968
via reddit http://ift.tt/2iNrnjN
http://ift.tt/2zKPvHj
Submitted October 30, 2017 at 04:15PM by NISMO1968
via reddit http://ift.tt/2iNrnjN
Ars Technica
Assessing the threat the Reaper botnet poses to the Internet—what we know now
Whatever the threat posed by the new IoT botnet, a worse one has lurked for months.
SVT reveals: Unique data leak – cyber blackmailers linked to Russia
http://ift.tt/2icqttf
Submitted October 30, 2017 at 04:14PM by NISMO1968
via reddit http://ift.tt/2iNrqvZ
http://ift.tt/2icqttf
Submitted October 30, 2017 at 04:14PM by NISMO1968
via reddit http://ift.tt/2iNrqvZ
SVT Nyheter
SVT reveals: Unique data leak – cyber blackmailers linked to Russia
In the past few years, anonymous hackers have sent millions of fake emails that look like they come from reputable companies. Those who clicked on the link in the mail found their computers locked and had to pay a ransom to get their files back. Thanks to…
Seagate enhances its video surveillance business
http://ift.tt/2zR7wDR
Submitted October 30, 2017 at 05:36PM by Stockwinners
via reddit http://ift.tt/2hmFOrF
http://ift.tt/2zR7wDR
Submitted October 30, 2017 at 05:36PM by Stockwinners
via reddit http://ift.tt/2hmFOrF
Stockwinners Blog
Seagate enhances its video surveillance business | Stockwinners, Stock Research, Option Picks, Stock Picks
Seagate launches first drive for AI-enabled surveillance
Increase your network security: Deploy a honeypot
http://ift.tt/2zO8bGR
Submitted October 30, 2017 at 06:13PM by speckz
via reddit http://ift.tt/2gNAZXx
http://ift.tt/2zO8bGR
Submitted October 30, 2017 at 06:13PM by speckz
via reddit http://ift.tt/2gNAZXx
Network World
Increase your network security: Deploy a honeypot
Deploying a honeypot system on your internal network is a proactive measure that enables you to immediately detect an intruder before any data is damaged or stolen.
The fall of public key pinning and rise of Certificate Transparency
http://ift.tt/2yVpLLv
Submitted October 30, 2017 at 05:39PM by greyswift
via reddit http://ift.tt/2lssxCm
http://ift.tt/2yVpLLv
Submitted October 30, 2017 at 05:39PM by greyswift
via reddit http://ift.tt/2lssxCm
Medium
The fall of public key pinning and rise of Certificate Transparency
On Friday, Chris Palmer announced the intent to deprecate HTTP Public Key Pinning (HPKP) in Chrome and remove the feature entirely in…
Python Script to Generate Obfuscated Word DDE Payloads
http://ift.tt/2z1WzlC
Submitted October 30, 2017 at 05:31PM by TheBananaStand113
via reddit http://ift.tt/2gWVaWO
http://ift.tt/2z1WzlC
Submitted October 30, 2017 at 05:31PM by TheBananaStand113
via reddit http://ift.tt/2gWVaWO
GitHub
0xdeadbeefJERKY/Office-DDE-Payloads
Office-DDE-Payloads - Collection of noscripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique.
How to find the real IP address of a cloudflare protected website.
http://ift.tt/2zaWNYs
Submitted October 30, 2017 at 07:32PM by SQLoverride
via reddit http://ift.tt/2xyLc13
http://ift.tt/2zaWNYs
Submitted October 30, 2017 at 07:32PM by SQLoverride
via reddit http://ift.tt/2xyLc13
Gray Hat Hackers
Gray Hat Hackers: How to find the real IP address of a cloudflare protected website.
Learn hacking/security skills, follow tutorials, get to a CEH level, and take on challenges. Free tools and resources are available to download.
Return of the Coppersmith Attack (ROCA) PDF available
http://ift.tt/2zQqGcY
Submitted October 30, 2017 at 08:05PM by ph4r05
via reddit http://ift.tt/2A0Xfpu
http://ift.tt/2zQqGcY
Submitted October 30, 2017 at 08:05PM by ph4r05
via reddit http://ift.tt/2A0Xfpu
reddit
Return of the Coppersmith Attack (ROCA) PDF available • r/netsec
1 points and 0 comments so far on reddit
Using Python To Get a Shell Without a Shell
http://ift.tt/2yXAHrL
Submitted October 30, 2017 at 07:51PM by fang0654
via reddit http://ift.tt/2zjcOLZ
http://ift.tt/2yXAHrL
Submitted October 30, 2017 at 07:51PM by fang0654
via reddit http://ift.tt/2zjcOLZ
Depthsecurity
Using Python To Get A Shell Without A Shell
Introduction
Many times while conducting a pentest, I need to noscript something up to make my life easier or to quickly test an attack idea or vector. Recently I
Many times while conducting a pentest, I need to noscript something up to make my life easier or to quickly test an attack idea or vector. Recently I
Rubber Ducky compatible clone based on CJMCU BadUSB HW
http://ift.tt/2yYhqGU
Submitted October 30, 2017 at 07:09PM by mharjac
via reddit http://ift.tt/2gVsJsw
http://ift.tt/2yYhqGU
Submitted October 30, 2017 at 07:09PM by mharjac
via reddit http://ift.tt/2gVsJsw
GitHub
mharjac/bad_ducky
bad_ducky - Rubber Ducky compatible clone based on CJMCU BadUSB HW.
Android OS may add another layer of security for better internet browsing privacy
http://ift.tt/2gUALBZ
Submitted October 30, 2017 at 06:54PM by davidpatter
via reddit http://ift.tt/2zXXq4J
http://ift.tt/2gUALBZ
Submitted October 30, 2017 at 06:54PM by davidpatter
via reddit http://ift.tt/2zXXq4J
technology.inquirer.net
Android OS may add another layer of security for better internet browsing privacy
The Android operating system may become a little more secure from being monitored by internet service providers (ISPs) with the addition of a new security protocol called “DNS over TLS.”
Continental said to be in talks to buy Argus Cyber Security
http://ift.tt/2iKxqWA
Submitted October 30, 2017 at 06:42PM by davidpatter
via reddit http://ift.tt/2xzWDW6
http://ift.tt/2iKxqWA
Submitted October 30, 2017 at 06:42PM by davidpatter
via reddit http://ift.tt/2xzWDW6
Automotive News
Continental said to be in talks to buy Argus Cyber Security
Continental is in advanced talks to buy Israel's Argus Cyber Security, which has developed technology to protect connected cars from hacking, for about $400 million, Israeli media reported on Monday.
Security In 5: Episode 100 - Thank You For The First 100 Episodes
http://ift.tt/2zZtGof
Submitted October 30, 2017 at 06:41PM by BinaryBlog
via reddit http://ift.tt/2xzFcos
http://ift.tt/2zZtGof
Submitted October 30, 2017 at 06:41PM by BinaryBlog
via reddit http://ift.tt/2xzFcos
Libsyn
Security In Five Podcast: Episode 100 - Thank You For The First 100 Episodes
When I first started this podcast I never would have thought I'd be recording my 100th episode. It's all because of the listeners and feedback received. Thank you and let's get to 200! Be aware, be safe. ------------------------------------ Website - ht…
Reliable home IP cam app for baby monitoring
I hooked up a few poe Reolink cameras this weekend, including one in our nursery to replace a failing wireless baby monitor. Long story short, the camera is great - image quality is superb.Problem is, I set my wife up with an old android tablet and a cam monitoring app and after leaving for work she called to say it was displaying an afterimage and not an up to date image of our sleeping child. Hence, we are worried about reliable, real-time updating through the night. I have developer mode on and stay-awake set on my tablet to prevent the tablet from shutting down at night time. Still, I’m worried about apps going to sleep or not otherwise staying active in real time.I’m toying with getting an audio only baby monitor and using the video as an as-needed addition. Still, that kind of defeats the purpose of this whole exercise of mine. Anyone have any recommendations for rock solid apps (android or iOS - ideally one of each). I’d love for the screens to go to sleep while the audio remains on in the background. I haven’t been able to find any reasonably priced dedicated handheld monitors (like a traditional baby monitor) to couple with my hardwired camera (which could be reached via WiFi over my home network).Thanks for any ideas.
Submitted October 30, 2017 at 09:13PM by anjo212
via reddit http://ift.tt/2igpEQ8
I hooked up a few poe Reolink cameras this weekend, including one in our nursery to replace a failing wireless baby monitor. Long story short, the camera is great - image quality is superb.Problem is, I set my wife up with an old android tablet and a cam monitoring app and after leaving for work she called to say it was displaying an afterimage and not an up to date image of our sleeping child. Hence, we are worried about reliable, real-time updating through the night. I have developer mode on and stay-awake set on my tablet to prevent the tablet from shutting down at night time. Still, I’m worried about apps going to sleep or not otherwise staying active in real time.I’m toying with getting an audio only baby monitor and using the video as an as-needed addition. Still, that kind of defeats the purpose of this whole exercise of mine. Anyone have any recommendations for rock solid apps (android or iOS - ideally one of each). I’d love for the screens to go to sleep while the audio remains on in the background. I haven’t been able to find any reasonably priced dedicated handheld monitors (like a traditional baby monitor) to couple with my hardwired camera (which could be reached via WiFi over my home network).Thanks for any ideas.
Submitted October 30, 2017 at 09:13PM by anjo212
via reddit http://ift.tt/2igpEQ8
reddit
Reliable home IP cam app for baby monitoring • r/security
I hooked up a few poe Reolink cameras this weekend, including one in our nursery to replace a failing wireless baby monitor. Long story short, the...
Messing with the Google Buganizer System for $15,600 in Bounties
http://ift.tt/2xAgbty
Submitted October 30, 2017 at 09:54PM by FireFart
via reddit http://ift.tt/2yZEbrE
http://ift.tt/2xAgbty
Submitted October 30, 2017 at 09:54PM by FireFart
via reddit http://ift.tt/2yZEbrE
Medium
Messing with the Google Buganizer System for $15,600 in Bounties
Easy Bugs for Hard Cash
Researchers Devise 2FA System That Relies on Taking Photos of Ordinary Objects
http://ift.tt/2hjK4br
Submitted October 30, 2017 at 09:51PM by ZeroManArmy
via reddit http://ift.tt/2zRESCk
http://ift.tt/2hjK4br
Submitted October 30, 2017 at 09:51PM by ZeroManArmy
via reddit http://ift.tt/2zRESCk
BleepingComputer
Researchers Devise 2FA System That Relies on Taking Photos of Ordinary Objects
Scientists from Florida International University and Bloomberg have created a custom two-factor authentication (2FA) system that relies on users taking a photo of a personal object.
ROCA vulnerability - technical details in ACM Digital Library
ACM has just published the full paper in its Digital Library at http://ift.tt/2zQqGcY Some interesting charts of the CPU cycles needed for particular key lengths - mostly academical, with the notable exception of 3k keys. The cost of the attack of 2k RSA keys seems to be derived from Amazon EC2 x2 instance (2 cores) - my feeling is that the cost is fairly conservative. GPU-optimized versions are bound to make 2k key cracking quite affordable.http://ift.tt/2goKrUN - original public announcementhttp://ift.tt/2ylpMrM - test suite and link to offline tool
Submitted October 30, 2017 at 09:20PM by dc352
via reddit http://ift.tt/2yYIR0Q
ACM has just published the full paper in its Digital Library at http://ift.tt/2zQqGcY Some interesting charts of the CPU cycles needed for particular key lengths - mostly academical, with the notable exception of 3k keys. The cost of the attack of 2k RSA keys seems to be derived from Amazon EC2 x2 instance (2 cores) - my feeling is that the cost is fairly conservative. GPU-optimized versions are bound to make 2k key cracking quite affordable.http://ift.tt/2goKrUN - original public announcementhttp://ift.tt/2ylpMrM - test suite and link to offline tool
Submitted October 30, 2017 at 09:20PM by dc352
via reddit http://ift.tt/2yYIR0Q
keychest.net
KEYCHEST - web expiry management for SSL with competitive cert purchasing
KEYCHEST - web expiry management for SSL with competitive cert purchasing.
Fixed-price unlimited use. SSL/HTTPS and fuzzing phishing awareness.
Fixed-price unlimited use. SSL/HTTPS and fuzzing phishing awareness.
Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read
http://ift.tt/2A0DApL
Submitted October 30, 2017 at 05:13PM by albinowax
via reddit http://ift.tt/2A0NBTA
http://ift.tt/2A0DApL
Submitted October 30, 2017 at 05:13PM by albinowax
via reddit http://ift.tt/2A0NBTA
Firefox takes a bite out of the canvas ‘super cookie’
http://ift.tt/2zgIIsx
Submitted October 30, 2017 at 08:55PM by sidcool1234
via reddit http://ift.tt/2xAmwVC
http://ift.tt/2zgIIsx
Submitted October 30, 2017 at 08:55PM by sidcool1234
via reddit http://ift.tt/2xAmwVC
Naked Security
Firefox takes a bite out of the canvas ‘super cookie’
Finally, one of the major browsers is doing something about canvas fingerprinting
http://ift.tt/2zYcVcU
http://ift.tt/2zYcVcU
Submitted October 30, 2017 at 12:26AM by Mysterii8
via reddit http://ift.tt/2yZZN7i
http://ift.tt/2zYcVcU
Submitted October 30, 2017 at 12:26AM by Mysterii8
via reddit http://ift.tt/2yZZN7i
Medium
Short story about S3 bucket, python noscript, thousands of data and Australian Government
TL;DR If there is any list which contains leaks (email — password) from Amazon S3 we can add: 1470 records from AEC (Australian Electoral…