Chrome 61 UXSS exploit (CVE-2017-5124)
http://ift.tt/2yZqXOC

Submitted November 14, 2017 at 04:04PM by i_bo0om
via reddit http://ift.tt/2iThuOb

New version of the Crysis Dharma Ransomware was released on 7 November 2017
New version of the Crysis Dharma Ransomware was released on 7 November 2017, which appends the extension .cobra or more precisely [cranbery@colorendgrace.com] .cobra to encrypted files and makes the data inaccessible to PC users. http://ift.tt/2zCwzxG

Submitted November 14, 2017 at 03:39PM by ved_web_services
via reddit http://ift.tt/2AFv4vR

'Highly secure' work tool leaks documents
http://ift.tt/2hvUAzt

Submitted November 14, 2017 at 03:25PM by Benjaminsen
via reddit http://ift.tt/2idPbu8

9 steps to protect against Ransomware
http://ift.tt/2ADyRK2

Submitted November 14, 2017 at 03:07PM by BCNGroup
via reddit http://ift.tt/2iez13L

Tricking blind Java deserialization for a treat
http://ift.tt/2jqejRU

Submitted November 14, 2017 at 06:13PM by __sleep
via reddit http://ift.tt/2AFvS3P

Combination of 3 vulnerabilities leads to unauthenticated RCE on Xplico
http://ift.tt/2ie2NWq

Submitted November 14, 2017 at 06:50PM by wtfse
via reddit http://ift.tt/2zC7WBC

"Why a Phishing Click Rate of 0% is Bad"
http://ift.tt/2zJNpsq

Submitted November 14, 2017 at 07:42PM by volci
via reddit http://ift.tt/2iUe11E

Security In 5: Episode 111 - OWASP Top 10 - A5 - Security Misconfigurations
http://ift.tt/2AGimwW

Submitted November 14, 2017 at 07:31PM by BinaryBlog
via reddit http://ift.tt/2iVGPXt

A brief history of rootkits and bootkits on mobile devices.
http://ift.tt/2iUuByz

Submitted November 14, 2017 at 08:01PM by Mi3Security
via reddit http://ift.tt/2zHSJw8

Setting cookies with PDFs via DOMParser
http://ift.tt/2yA0rHp

Submitted November 14, 2017 at 09:21PM by albinowax
via reddit http://ift.tt/2zWWuAK

Alina, the Latest POS Malware
http://ift.tt/2mpmUVT

Submitted November 14, 2017 at 09:32PM by EvanConover
via reddit http://ift.tt/2yZhhDR

OnePlus Device Backdoor Root Exploit via EngineerMode App
http://ift.tt/2ie2Kd0

Submitted November 14, 2017 at 10:47PM by overflowingInt
via reddit http://ift.tt/2AHn5y2

Unpacking Process Injection Malware With IDA PRO (Part 1)
https://www.youtube.com/attribution_link?a=DxM0yBe1NJs&u=%2Fwatch%3Fv%3DScBB-Hi7NxQ%26feature%3Dshare

Submitted November 14, 2017 at 01:27PM by YioUio
via reddit http://ift.tt/2zArrdH

Secure Engineering Guidelines
http://ift.tt/2yZoBzu

Submitted November 14, 2017 at 10:01PM by HockeyInJune
via reddit http://ift.tt/2mpmvmC

New Facebook Exploit allows hacker to hold accounts ransom.
TL;DR: My Facebook account was taken over and I am completely locked out. I believe this is a new type of attack as I can't find any other instances of it happening online.All of this started roughly 6 months ago, but I haven't had any luck fixing the problem. I am now just trying to spread word that such an exploit exists in Facebook so be careful this doesn't happen to you.The initial Hack:A few months ago I needed emergency access to my Facebook account and didn't have access to my password manager. I decided to reset the password to something simple that I could remember.I got in, checked a few things and logged out. I figured I'd be fine and could change the password to something more secure when I got back home in a few days.Boy was I wrong.The next morning I awoke to a flood of e-mail claiming my password and email address had both been changed for my facebook account.I tried to reset my password, but it was going to the wrong email address.I tried the account recovery process and had my trusted contacts give me recovery codes. This seemed to work, but even after changing my password and email address Facebook wanted to send me and email confirming the changes.This email took forever to arrive and when it did it was encrypted with a GPG key (more on that later).This is where things get very bad.The Ransom Letter:The next morning I woke up to this ransom email.I blurred out my personal info, but the email address they changed my account to was just [myname]@protonmail.com.They also demanded 10 BTC to get access to the protonmail account.Facebook's Great FlawNow I admit that it was my fault for setting a weak password and not turning on 2-Factor. However, Facebook has a MAJOR flaw that allowed these hackers to take over my account and permanently lock me out.That flaw is a little known feature called "Encrypted Notifications".This feature uses your public GPG key to encrypt all emails from Facebook to you. Ensuring that any password recovery or email change forms are protected and can't be accessed by anyone else.Sounds great.Except when a hacker enables the feature on your account with a GPG key you DO NOT control.This is exactly what this hacker did. The GPG Key on my account is the one the belongs to the Protonmail account they set up and is not in my control.I have tried every password and account recovery form, I have tried finding a way to contact Facebook support, and I even tried having a family member use the "memorialize" function to contact facebook.NONE OF THESE OPTIONS WORK.Here is the email I get when trying to recover my account.I have no way to decrypt this. Short of having paid 10BTC, which is close to $80,000 today, I have no way to get back into my account.ConclusionAll a hacker needs to do to permanently lock you out of your account is change your email address and upload a GPG key.Once this is done it doesn't mater if you recover your account or change the email address back to one your control because all future emails (including the recovery confirmation email) are encrypted to a key you do not control.If this happens to you, you are pretty much out of luck as Facebook doesn't seem to have any way to contact them or actually get support.NOTE: If anyone does have a way to contact facebook directly, please let me know. I use this account to run a business and need to get in and turn off my Ad Campaigns.

Submitted November 14, 2017 at 10:51PM by megacats93
via reddit http://ift.tt/2hCCWu1

Screensaver Security on macOS 10.13 is broken
http://ift.tt/2joIVDd

Submitted November 14, 2017 at 10:38PM by gogroob
via reddit http://ift.tt/2ig8JxU

Building Secure Enclaves on AWS
http://ift.tt/2yA79gz

Submitted November 14, 2017 at 09:43PM by SecurityTrust
via reddit http://ift.tt/2yAJJrr

North Korean hackers ramp up malware attacks against Bitcoin Service Providers
http://ift.tt/2ACK51d

Submitted November 15, 2017 at 12:33AM by Nebikard
via reddit http://ift.tt/2AJiPyS

Adobe Releases Security Updates
http://ift.tt/2z05Qfb

Submitted November 15, 2017 at 01:06AM by bagaudin
via reddit http://ift.tt/2mqcZ2p

I've found a site that allows users to down Facebook videos... even videos that are set to "private".
http://ift.tt/2moTNSJ

Submitted November 15, 2017 at 12:47AM by Nebikard
via reddit http://ift.tt/2yZXi83

Calculating Asset Value in Risk
http://ift.tt/2zCKDHF

Submitted November 15, 2017 at 02:05AM by Uminekoshi
via reddit http://ift.tt/2zEbmn6