I know this is just a Showerthought and joking (hopefully) going on, but still some eyebrow raising practices going on...
http://ift.tt/2huO3Sb
Submitted November 16, 2017 at 10:12PM by icemanJL
via reddit http://ift.tt/2yOIDIU
http://ift.tt/2huO3Sb
Submitted November 16, 2017 at 10:12PM by icemanJL
via reddit http://ift.tt/2yOIDIU
reddit
In the old days taping your password to your... • r/Showerthoughts
38523 points and 1752 comments so far on reddit
What do Cybersecurity and Fashion have in common? Put on your slippers!
http://ift.tt/2jwVoFc
Submitted November 16, 2017 at 09:28PM by Uminekoshi
via reddit http://ift.tt/2AL8jqk
http://ift.tt/2jwVoFc
Submitted November 16, 2017 at 09:28PM by Uminekoshi
via reddit http://ift.tt/2AL8jqk
Nehemiah Security
The Cyber World Is Big—Put Your Slippers On, Folks! - Nehemiah Security
I fancy myself the Elle Woods of cyber. Before cyber, I worked in the fashion industry as a personal stylist. My job was to guide clients through the daunting and foreign world of clothing, often building out their wardrobes from the ground up. First two…
Remote Code Execution in Chrome OS ($100k Bounty) - Writeup
http://ift.tt/2zGhR9j
Submitted November 16, 2017 at 10:46PM by jwcrux
via reddit http://ift.tt/2zGOrro
http://ift.tt/2zGhR9j
Submitted November 16, 2017 at 10:46PM by jwcrux
via reddit http://ift.tt/2zGOrro
reddit
Remote Code Execution in Chrome OS ($100k Bounty) - Writeup • r/netsec
2 points and 2 comments so far on reddit
Pentagon's hacker disclosure program defangs 2,800 security flaws
http://ift.tt/2zUDtit
Submitted November 16, 2017 at 10:53PM by GemmaJ123
via reddit http://ift.tt/2A4Meqj
http://ift.tt/2zUDtit
Submitted November 16, 2017 at 10:53PM by GemmaJ123
via reddit http://ift.tt/2A4Meqj
TheHill
Pentagon's hacker disclosure program defangs 2,800 security flaws
Nearly a year after a rule change allowed good Samaritan hackers to notify the Department of Defense (DOD) about cybersecurity glitches that needed fixing, the Pentagon has mitigated more than 2,800 security problems.
Probable passwords and/or password components, as scoured from dumped data breaches
http://ift.tt/2pwBjjY
Submitted November 16, 2017 at 11:15PM by volci
via reddit http://ift.tt/2yQDqQv
http://ift.tt/2pwBjjY
Submitted November 16, 2017 at 11:15PM by volci
via reddit http://ift.tt/2yQDqQv
GitHub
berzerk0/Probable-Wordlists
Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular! - berzerk0/Probable-Wordlists
17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction
http://ift.tt/2z8RrgU
Submitted November 17, 2017 at 12:39AM by somemuslim
via reddit http://ift.tt/2mBoBQu
http://ift.tt/2z8RrgU
Submitted November 17, 2017 at 12:39AM by somemuslim
via reddit http://ift.tt/2mBoBQu
The Hacker News
17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-11882) Allows Hackers to Install Malware On Windows Computers Without User Interaction
Github introduces automatic dependency security alerting
http://ift.tt/2yMIDZJ
Submitted November 17, 2017 at 12:47AM by csanders_
via reddit http://ift.tt/2mymfld
http://ift.tt/2yMIDZJ
Submitted November 17, 2017 at 12:47AM by csanders_
via reddit http://ift.tt/2mymfld
GitHub
Introducing security alerts on GitHub
Last month, we made it easier for you to keep track of the projects your code depends on with the dependency graph, currently supported in Javanoscript and Ruby. Today, for the over 75 percent of Git...
The State of Open Source Security 2017
http://ift.tt/2z8cK25
Submitted November 17, 2017 at 01:06AM by tkadlec
via reddit http://ift.tt/2z9J6JD
http://ift.tt/2z8cK25
Submitted November 17, 2017 at 01:06AM by tkadlec
via reddit http://ift.tt/2z9J6JD
reddit
The State of Open Source Security 2017 • r/security
2 points and 0 comments so far on reddit
These maps show where popular websites have been banned around the world (x-post /r/programming)
http://ift.tt/2zlr9or
Submitted November 17, 2017 at 01:02AM by halfcentennial1964
via reddit http://ift.tt/2mCE4zN
http://ift.tt/2zlr9or
Submitted November 17, 2017 at 01:02AM by halfcentennial1964
via reddit http://ift.tt/2mCE4zN
visual.ly
Where Popular Websites are Banned Across the World
Which countries have blocked popular sites like Facebook, YouTube, Wikipedia, and Twitter? These websites are vital for our day-to-day communication a
Enterprise password management: A field guide
http://ift.tt/2iZGFP9
Submitted November 17, 2017 at 01:36AM by yourbasicgeek
via reddit http://ift.tt/2zN9V3q
http://ift.tt/2iZGFP9
Submitted November 17, 2017 at 01:36AM by yourbasicgeek
via reddit http://ift.tt/2zN9V3q
HPE
Enterprise password management: A field guide | HPE
Simplifying complex passwords for users encourages their use @Enterprisenxt
How to protect against this ?
http://ift.tt/2A49zZl
Submitted November 17, 2017 at 02:08AM by whatup10
via reddit http://ift.tt/2z9cDTK
http://ift.tt/2A49zZl
Submitted November 17, 2017 at 02:08AM by whatup10
via reddit http://ift.tt/2z9cDTK
WIRED
You're Browsing a Website. These Companies May Be Recording Your Every Move.
Behind many consumer websites, software companies track users' moves, potentially exposing personal information such as medical conditions or prenoscription-drug use.
Sandboxing question
Currently I have a Win7 machine that runs in virtualbox. When I want to analyze an email attachemnt, or other suspect items, I save them to my desktop (host OS), load the items as an ISO and mount the ISO to the VM, which has all it's network adapters disabled. My concern lies with how I handle the file on the host OS. Is there a safer way to do this? I would log into my email in the browser of the VM, but I don't want to touch any corporate info on that virtual machine, for obvious reasons.Am I doing this right?
Submitted November 17, 2017 at 03:41AM by hiskid
via reddit http://ift.tt/2zPs6Fy
Currently I have a Win7 machine that runs in virtualbox. When I want to analyze an email attachemnt, or other suspect items, I save them to my desktop (host OS), load the items as an ISO and mount the ISO to the VM, which has all it's network adapters disabled. My concern lies with how I handle the file on the host OS. Is there a safer way to do this? I would log into my email in the browser of the VM, but I don't want to touch any corporate info on that virtual machine, for obvious reasons.Am I doing this right?
Submitted November 17, 2017 at 03:41AM by hiskid
via reddit http://ift.tt/2zPs6Fy
reddit
Sandboxing question • r/security
Currently I have a Win7 machine that runs in virtualbox. When I want to analyze an email attachemnt, or other suspect items, I save them to my...
Kaspersky: Yes, we obtained NSA secrets. No, we didnât help steal them
http://ift.tt/2hwncoA
Submitted November 17, 2017 at 03:18AM by DerBootsMann
via reddit http://ift.tt/2j1TAzN
http://ift.tt/2hwncoA
Submitted November 17, 2017 at 03:18AM by DerBootsMann
via reddit http://ift.tt/2j1TAzN
Ars Technica UK
Kaspersky: Yes, we obtained NSA secrets. No, we didn’t help steal them
Moscow-based AV provider challenges claims it helped Russian spies.
Internal Kaspersky Investigation Says NSA Worker's Computer Was Infested with Malware
http://ift.tt/2zKIf12
Submitted November 17, 2017 at 03:57AM by SuccessfulOperation
via reddit http://ift.tt/2jwKSxE
http://ift.tt/2zKIf12
Submitted November 17, 2017 at 03:57AM by SuccessfulOperation
via reddit http://ift.tt/2jwKSxE
Motherboard
Internal Kaspersky Investigation Says NSA Worker’s Computer Was Infested with Malware
The Russian cybersecurity firm released a new report that pushes back against accusations that it helped leak sensitive NSA materials and suggests that a backdoor found on worker’s machine could have allowed others to take files from his machine.
Staring into the Spotlight - An offensive tour of the OSX userland search system
http://ift.tt/2jxHlio
Submitted November 17, 2017 at 04:19AM by nibblesec
via reddit http://ift.tt/2yQ9hB0
http://ift.tt/2jxHlio
Submitted November 17, 2017 at 04:19AM by nibblesec
via reddit http://ift.tt/2yQ9hB0
Doyensec
Staring into the Spotlight · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
Securing the Internet of Things
http://ift.tt/2zJ1BUY
Submitted November 17, 2017 at 05:40AM by bagaudin
via reddit http://ift.tt/2jyPVNZ
http://ift.tt/2zJ1BUY
Submitted November 17, 2017 at 05:40AM by bagaudin
via reddit http://ift.tt/2jyPVNZ
www.us-cert.gov
Securing the Internet of Things | US-CERT
The Internet of Things refers to any object or device that sends and receives data automatically through the Internet. This rapidly expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices…
SQL Injection in bbPress
http://ift.tt/2AGZQ8k
Submitted November 17, 2017 at 09:54AM by rmddos
via reddit http://ift.tt/2hGftbx
http://ift.tt/2AGZQ8k
Submitted November 17, 2017 at 09:54AM by rmddos
via reddit http://ift.tt/2hGftbx
Sucuri Blog
SQL Injection in bbPress
bbPress users should update to WordPress 4.8.3 to avoid becoming victim of an SQL injection vulnerability discovered by Sucuri earlier this year.
JOLTandBLEED Vulnerability CVSS 10.0
http://ift.tt/2zFP5FB
Submitted November 17, 2017 at 09:48AM by alexander_polyakov
via reddit http://ift.tt/2AWVXfx
http://ift.tt/2zFP5FB
Submitted November 17, 2017 at 09:48AM by alexander_polyakov
via reddit http://ift.tt/2AWVXfx
Evading Microsoft's AutoRuns
http://ift.tt/2yPPvIU
Submitted November 17, 2017 at 11:04AM by Jixtapose
via reddit http://ift.tt/2zJIv12
http://ift.tt/2yPPvIU
Submitted November 17, 2017 at 11:04AM by Jixtapose
via reddit http://ift.tt/2zJIv12
Blog post for beginners - what is threat intelligence?
http://ift.tt/2j26Nc3
Submitted November 17, 2017 at 01:34PM by netbroom
via reddit http://ift.tt/2zPipHo
http://ift.tt/2j26Nc3
Submitted November 17, 2017 at 01:34PM by netbroom
via reddit http://ift.tt/2zPipHo
Pulsedive
What is threat intelligence?
A quick Google search suggests that a consensus has not quite been reached on defining the term “cyber threat intelligence.” There are some blog posts (yep, this one too) and even white…
Awareness about InfoSec: How do you deal with this?
Hi all, I am a student, working on InfoSec since almost three months at an IT-company. Before that, I did not know anything about it. I am no IT-guy, my study program is Industrial Engineering Management.My job is to create awareness amongst all employees of the company, using the ISO/IEC 27001:2013 standard.I'd like to see what you are doing about awareness. My progress: I give presentations about the policies, show updates on every monthly company meeting and I check for compliance. I am working on E-learning and phishing tools as well.Nowadays, some people turn around when they see me, because that remembers them they have to lock their screens. Some even shared that they do it even at home :-)If I think I can use some of your ideas, I'll let you know and make sure I refer to you correctly.
Submitted November 17, 2017 at 06:23PM by johanvdpluijm
via reddit http://ift.tt/2zLoJlr
Hi all, I am a student, working on InfoSec since almost three months at an IT-company. Before that, I did not know anything about it. I am no IT-guy, my study program is Industrial Engineering Management.My job is to create awareness amongst all employees of the company, using the ISO/IEC 27001:2013 standard.I'd like to see what you are doing about awareness. My progress: I give presentations about the policies, show updates on every monthly company meeting and I check for compliance. I am working on E-learning and phishing tools as well.Nowadays, some people turn around when they see me, because that remembers them they have to lock their screens. Some even shared that they do it even at home :-)If I think I can use some of your ideas, I'll let you know and make sure I refer to you correctly.
Submitted November 17, 2017 at 06:23PM by johanvdpluijm
via reddit http://ift.tt/2zLoJlr
reddit
Awareness about InfoSec: How do you deal with this? • r/security
Hi all, I am a student, working on InfoSec since almost three months at an IT-company. Before that, I did not know anything about it. I am no...