Fashion retailer Forever 21 reports payment card security breach
http://ift.tt/2yCZuOq
Submitted November 15, 2017 at 04:44AM by SecurityTrust
via reddit http://ift.tt/2AKriSs
http://ift.tt/2yCZuOq
Submitted November 15, 2017 at 04:44AM by SecurityTrust
via reddit http://ift.tt/2AKriSs
CNBC
Fashion retailer Forever 21 reports payment card security breach
Fashion retailer Forever 21 said on Tuesday there had been unauthorized access to data from payment cards used at certain of its stores.
How to exploit BlueBorne RCE on Nexus5 Android 6.0.1 (CVE-2017-0781)
http://ift.tt/2AHzQci
Submitted November 15, 2017 at 05:08AM by h3ku
via reddit http://ift.tt/2hxjPl6
http://ift.tt/2AHzQci
Submitted November 15, 2017 at 05:08AM by h3ku
via reddit http://ift.tt/2hxjPl6
JesuX Blog
BlueBorne RCE on Android 6.0.1 (CVE-2017-0781) [English]
A few days ago, the company Armis published a proof of concept (PoC) of a remote code execution vulnerability in Android via Bluetooth (CVE-2017-0781), known as BlueBorne. Although BlueBorne refers to a set of 8 vulnerabilities, this PoC uses only 2 of them…
Accidentally left a server open with semi-default password. How can I ensure I wasn't hacked?
For about 18 hours you could log in as root over the internet to my server using the credentials root and test -- I unfortunately forgot I left root login enabled. I promptly disabled root login, changed the password, and looked through the SSH logs. As usual, I saw a bunch of failed attempts to login from the normal bots, but checking
Submitted November 15, 2017 at 05:36AM by steelcowboy1
via reddit http://ift.tt/2jsN09F
For about 18 hours you could log in as root over the internet to my server using the credentials root and test -- I unfortunately forgot I left root login enabled. I promptly disabled root login, changed the password, and looked through the SSH logs. As usual, I saw a bunch of failed attempts to login from the normal bots, but checking
last root didn't show any logins out of the ordinary.What else should I do to see if it's compromised? Or is there no way to be sure? What do you all recommend?Submitted November 15, 2017 at 05:36AM by steelcowboy1
via reddit http://ift.tt/2jsN09F
reddit
Accidentally left a server open with semi-default... • r/security
For about 18 hours you could log in as root over the internet to my server using the credentials *root* and *test* -- I unfortunately forgot I...
NTP Amplification DDoS Attack
http://ift.tt/2zGUVpK
Submitted November 15, 2017 at 06:08AM by berkdusunurx
via reddit http://ift.tt/2ij5DcP
http://ift.tt/2zGUVpK
Submitted November 15, 2017 at 06:08AM by berkdusunurx
via reddit http://ift.tt/2ij5DcP
www.berkdusunur.net
NTP AMPLIFICATION DDoS ATTACK
NTP AMPLIFICATION DDoS ATTACK DDoS Saldırıları Standart DDoS saldırılarında amaç olabildiğince çok fazla sayıda sis...
Remote Code Execution in CouchDB (and Privilege Escalation in the npm Registry)
http://ift.tt/2hqXIcm
Submitted November 15, 2017 at 06:03AM by justicz
via reddit http://ift.tt/2AH1ypo
http://ift.tt/2hqXIcm
Submitted November 15, 2017 at 06:03AM by justicz
via reddit http://ift.tt/2AH1ypo
justi.cz
Remote Code Execution in CouchDB (and Privilege Escalation in the npm Registry)
tl;dr There was a vulnerability in CouchDB caused by a discrepancy between the database’s native JSON parser and the Javanoscript JSON parser used during docum...
Skeleton in the closet. MS Office vulnerability you didn’t know about
http://ift.tt/2iUpkaj
Submitted November 15, 2017 at 05:50AM by campuscodi
via reddit http://ift.tt/2mvoJ3Z
http://ift.tt/2iUpkaj
Submitted November 15, 2017 at 05:50AM by campuscodi
via reddit http://ift.tt/2mvoJ3Z
Embedi
Skeleton in the closet. MS Office vulnerability you didn’t know about
What is the beginning of a typical research? Any research begins with detecting vulnerabilities with common tools. Although the process does not require much time and effort, it works well.Detection procedure is focused on vulnerabilities in third-party libraries…
Travis CI vulnerability (fixed)
http://ift.tt/2yCJEn4
Submitted November 15, 2017 at 06:53AM by CashWilliams
via reddit http://ift.tt/2ieQJnI
http://ift.tt/2yCJEn4
Submitted November 15, 2017 at 06:53AM by CashWilliams
via reddit http://ift.tt/2ieQJnI
Acquia
A Travis CI/Github Security Vulnerability
For the past 6 years, private Github repositories using Travis CI have been vulnerable to a privilege escalation attack. Under certain configurations, an attacker with read-only access to the Github repo could change the code just by submitting a pull request.…
What is the best open source solution for encrypting files on a USB drive?
This is for storing backups on a USB drive. I'm running Windows 10 Home on my PC. I'm looking for something with the ease of use that TrueCrypt had.
Submitted November 15, 2017 at 07:14AM by MildlyExceptional
via reddit http://ift.tt/2zEJvDe
This is for storing backups on a USB drive. I'm running Windows 10 Home on my PC. I'm looking for something with the ease of use that TrueCrypt had.
Submitted November 15, 2017 at 07:14AM by MildlyExceptional
via reddit http://ift.tt/2zEJvDe
gnoscript - A Go library for dynamic runtime execution of malware
http://ift.tt/2hz2LLJ
Submitted November 15, 2017 at 11:21AM by mandatoryprogrammer
via reddit http://ift.tt/2zZXa8v
http://ift.tt/2hz2LLJ
Submitted November 15, 2017 at 11:21AM by mandatoryprogrammer
via reddit http://ift.tt/2zZXa8v
GitHub
GitHub - gen0cide/gnoscript: framework to rapidly implement custom droppers for all three major operating systems
framework to rapidly implement custom droppers for all three major operating systems - gen0cide/gnoscript
Asus firmware addresses KRACK
http://ift.tt/2htqlWg
Submitted November 15, 2017 at 05:47PM by NothingWasChanged
via reddit http://ift.tt/2zG3v8p
http://ift.tt/2htqlWg
Submitted November 15, 2017 at 05:47PM by NothingWasChanged
via reddit http://ift.tt/2zG3v8p
Imgur
thanks Asus
Imgur: The most awesome images on the Internet.
UltraHeal Blog For PC Security
http://ift.tt/2hvbXx1
Submitted November 15, 2017 at 03:53PM by ultraheal
via reddit http://ift.tt/2zGxLzQ
http://ift.tt/2hvbXx1
Submitted November 15, 2017 at 03:53PM by ultraheal
via reddit http://ift.tt/2zGxLzQ
reddit
UltraHeal Blog For PC Security • r/security
0 points and 0 comments so far on reddit
A researcher claims to have unlocked an iPhone X by defeating Face ID with a custom $150 mask
http://ift.tt/2zJy1fq
Submitted November 15, 2017 at 02:34PM by GemmaJ123
via reddit http://ift.tt/2iVIkFp
http://ift.tt/2zJy1fq
Submitted November 15, 2017 at 02:34PM by GemmaJ123
via reddit http://ift.tt/2iVIkFp
Business Insider
A researcher claims to have unlocked an iPhone X by defeating Face ID with a custom $150 mask
It’s the first reported case of researchers apparently being able to fool the Face ID software.
North Korean Remote Administration Tool: FALLCHILL
http://ift.tt/2hzN9Yi
Submitted November 15, 2017 at 06:48PM by uid_0
via reddit http://ift.tt/2mrAXdA
http://ift.tt/2hzN9Yi
Submitted November 15, 2017 at 06:48PM by uid_0
via reddit http://ift.tt/2mrAXdA
www.us-cert.gov
HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL | US-CERT
According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the…
Things you wanted to know about storing passwords but were afraid to ask
http://ift.tt/2htgxLV
Submitted November 15, 2017 at 07:05PM by ruidfigueiredo
via reddit http://ift.tt/2AOMBCA
http://ift.tt/2htgxLV
Submitted November 15, 2017 at 07:05PM by ruidfigueiredo
via reddit http://ift.tt/2AOMBCA
The Blinking Caret
Things you wanted to know about storing passwords but were afraid to ask - The Blinking Caret
The issue of storing passwords securely is often overlooked. This blog post describes how a password can be stored securely even in the event of a breach.
Oracle released 4 hotfixes patch in Jolt protocol {CVE-2017-10269} CVSS 10.0/10.0
http://ift.tt/2hxJNFb
Submitted November 15, 2017 at 07:56PM by vah_13
via reddit http://ift.tt/2AHpGrZ
http://ift.tt/2hxJNFb
Submitted November 15, 2017 at 07:56PM by vah_13
via reddit http://ift.tt/2AHpGrZ
reddit
Oracle released 4 hotfixes patch in Jolt protocol... • r/security
1 points and 0 comments so far on reddit
Security In 5: Episode 112 - Why You Should Setup The Guest Network On Your Home Wi-Fi
http://ift.tt/2ijztO0
Submitted November 15, 2017 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2AJaESs
http://ift.tt/2ijztO0
Submitted November 15, 2017 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2AJaESs
Libsyn
Security In Five Podcast: Episode 112 - Why You Should Setup The Guest Network On Your Home Wi-Fi
Most of us have home Wi-Fi. When friends, family and visitors come over they may expect to get on your Wi-Fi to get Internet access. There are various reasons why you should not be allowing them access to your primary Wi-Fi network but instead use the Guest…
Redsnarf : Read team tool
http://ift.tt/2ekWA63
Submitted November 15, 2017 at 08:45PM by fireh7nter
via reddit http://ift.tt/2yIxd9b
http://ift.tt/2ekWA63
Submitted November 15, 2017 at 08:45PM by fireh7nter
via reddit http://ift.tt/2yIxd9b
GitHub
nccgroup/redsnarf
redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis
http://ift.tt/2iZ0JB1
Submitted November 15, 2017 at 08:39PM by EvanConover
via reddit http://ift.tt/2APBb1u
http://ift.tt/2iZ0JB1
Submitted November 15, 2017 at 08:39PM by EvanConover
via reddit http://ift.tt/2APBb1u
Trendmicro
New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis - TrendLabs Security Intelligence Blog
We discussed the re-emergence of banking malware EMOTET in September and how it has adopted a wider scope since it wasn’t picky about the industries it attacks. We recently discovered that EMOTET has a new iteration (detected as TSPY_EMOTET.SMD10) with a…
Sith Spam Bots Take a Page from a Star Wars Novel(s)
http://ift.tt/2zMaQkQ
Submitted November 15, 2017 at 09:20PM by whitehattracker
via reddit http://ift.tt/2A0vKzo
http://ift.tt/2zMaQkQ
Submitted November 15, 2017 at 09:20PM by whitehattracker
via reddit http://ift.tt/2A0vKzo
reddit
Sith Spam Bots Take a Page from a Star Wars Novel(s) • r/security
1 points and 0 comments so far on reddit
Bsides Lisbon 2017 Videos
https://www.youtube.com/playlist?list=PLbuNP88_wbNx3RfhlCMhjlIEKg4t8YopL
Submitted November 15, 2017 at 04:54PM by clviper
via reddit http://ift.tt/2zF7zGs
https://www.youtube.com/playlist?list=PLbuNP88_wbNx3RfhlCMhjlIEKg4t8YopL
Submitted November 15, 2017 at 04:54PM by clviper
via reddit http://ift.tt/2zF7zGs
YouTube
BSidesLisbon 2017 - YouTube
BSidesLisbon is the premier technical information security conference in Portugal. It is a community organized, not for profit, conference started in 2013 an...
What happens when you try to guess the type of a void pointer (CVE-2017-16379)
http://ift.tt/2APS8c4
Submitted November 15, 2017 at 09:43PM by Cybellum
via reddit http://ift.tt/2zGSqnA
http://ift.tt/2APS8c4
Submitted November 15, 2017 at 09:43PM by Cybellum
via reddit http://ift.tt/2zGSqnA
Cybellum
CY-2017-011: Type Confusion in Adobe Acrobat | Cybellum