Sandboxing question
Currently I have a Win7 machine that runs in virtualbox. When I want to analyze an email attachemnt, or other suspect items, I save them to my desktop (host OS), load the items as an ISO and mount the ISO to the VM, which has all it's network adapters disabled. My concern lies with how I handle the file on the host OS. Is there a safer way to do this? I would log into my email in the browser of the VM, but I don't want to touch any corporate info on that virtual machine, for obvious reasons.Am I doing this right?
Submitted November 17, 2017 at 03:41AM by hiskid
via reddit http://ift.tt/2zPs6Fy
Currently I have a Win7 machine that runs in virtualbox. When I want to analyze an email attachemnt, or other suspect items, I save them to my desktop (host OS), load the items as an ISO and mount the ISO to the VM, which has all it's network adapters disabled. My concern lies with how I handle the file on the host OS. Is there a safer way to do this? I would log into my email in the browser of the VM, but I don't want to touch any corporate info on that virtual machine, for obvious reasons.Am I doing this right?
Submitted November 17, 2017 at 03:41AM by hiskid
via reddit http://ift.tt/2zPs6Fy
reddit
Sandboxing question • r/security
Currently I have a Win7 machine that runs in virtualbox. When I want to analyze an email attachemnt, or other suspect items, I save them to my...
Kaspersky: Yes, we obtained NSA secrets. No, we didnât help steal them
http://ift.tt/2hwncoA
Submitted November 17, 2017 at 03:18AM by DerBootsMann
via reddit http://ift.tt/2j1TAzN
http://ift.tt/2hwncoA
Submitted November 17, 2017 at 03:18AM by DerBootsMann
via reddit http://ift.tt/2j1TAzN
Ars Technica UK
Kaspersky: Yes, we obtained NSA secrets. No, we didn’t help steal them
Moscow-based AV provider challenges claims it helped Russian spies.
Internal Kaspersky Investigation Says NSA Worker's Computer Was Infested with Malware
http://ift.tt/2zKIf12
Submitted November 17, 2017 at 03:57AM by SuccessfulOperation
via reddit http://ift.tt/2jwKSxE
http://ift.tt/2zKIf12
Submitted November 17, 2017 at 03:57AM by SuccessfulOperation
via reddit http://ift.tt/2jwKSxE
Motherboard
Internal Kaspersky Investigation Says NSA Worker’s Computer Was Infested with Malware
The Russian cybersecurity firm released a new report that pushes back against accusations that it helped leak sensitive NSA materials and suggests that a backdoor found on worker’s machine could have allowed others to take files from his machine.
Staring into the Spotlight - An offensive tour of the OSX userland search system
http://ift.tt/2jxHlio
Submitted November 17, 2017 at 04:19AM by nibblesec
via reddit http://ift.tt/2yQ9hB0
http://ift.tt/2jxHlio
Submitted November 17, 2017 at 04:19AM by nibblesec
via reddit http://ift.tt/2yQ9hB0
Doyensec
Staring into the Spotlight · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
Securing the Internet of Things
http://ift.tt/2zJ1BUY
Submitted November 17, 2017 at 05:40AM by bagaudin
via reddit http://ift.tt/2jyPVNZ
http://ift.tt/2zJ1BUY
Submitted November 17, 2017 at 05:40AM by bagaudin
via reddit http://ift.tt/2jyPVNZ
www.us-cert.gov
Securing the Internet of Things | US-CERT
The Internet of Things refers to any object or device that sends and receives data automatically through the Internet. This rapidly expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices…
SQL Injection in bbPress
http://ift.tt/2AGZQ8k
Submitted November 17, 2017 at 09:54AM by rmddos
via reddit http://ift.tt/2hGftbx
http://ift.tt/2AGZQ8k
Submitted November 17, 2017 at 09:54AM by rmddos
via reddit http://ift.tt/2hGftbx
Sucuri Blog
SQL Injection in bbPress
bbPress users should update to WordPress 4.8.3 to avoid becoming victim of an SQL injection vulnerability discovered by Sucuri earlier this year.
JOLTandBLEED Vulnerability CVSS 10.0
http://ift.tt/2zFP5FB
Submitted November 17, 2017 at 09:48AM by alexander_polyakov
via reddit http://ift.tt/2AWVXfx
http://ift.tt/2zFP5FB
Submitted November 17, 2017 at 09:48AM by alexander_polyakov
via reddit http://ift.tt/2AWVXfx
Evading Microsoft's AutoRuns
http://ift.tt/2yPPvIU
Submitted November 17, 2017 at 11:04AM by Jixtapose
via reddit http://ift.tt/2zJIv12
http://ift.tt/2yPPvIU
Submitted November 17, 2017 at 11:04AM by Jixtapose
via reddit http://ift.tt/2zJIv12
Blog post for beginners - what is threat intelligence?
http://ift.tt/2j26Nc3
Submitted November 17, 2017 at 01:34PM by netbroom
via reddit http://ift.tt/2zPipHo
http://ift.tt/2j26Nc3
Submitted November 17, 2017 at 01:34PM by netbroom
via reddit http://ift.tt/2zPipHo
Pulsedive
What is threat intelligence?
A quick Google search suggests that a consensus has not quite been reached on defining the term “cyber threat intelligence.” There are some blog posts (yep, this one too) and even white…
Awareness about InfoSec: How do you deal with this?
Hi all, I am a student, working on InfoSec since almost three months at an IT-company. Before that, I did not know anything about it. I am no IT-guy, my study program is Industrial Engineering Management.My job is to create awareness amongst all employees of the company, using the ISO/IEC 27001:2013 standard.I'd like to see what you are doing about awareness. My progress: I give presentations about the policies, show updates on every monthly company meeting and I check for compliance. I am working on E-learning and phishing tools as well.Nowadays, some people turn around when they see me, because that remembers them they have to lock their screens. Some even shared that they do it even at home :-)If I think I can use some of your ideas, I'll let you know and make sure I refer to you correctly.
Submitted November 17, 2017 at 06:23PM by johanvdpluijm
via reddit http://ift.tt/2zLoJlr
Hi all, I am a student, working on InfoSec since almost three months at an IT-company. Before that, I did not know anything about it. I am no IT-guy, my study program is Industrial Engineering Management.My job is to create awareness amongst all employees of the company, using the ISO/IEC 27001:2013 standard.I'd like to see what you are doing about awareness. My progress: I give presentations about the policies, show updates on every monthly company meeting and I check for compliance. I am working on E-learning and phishing tools as well.Nowadays, some people turn around when they see me, because that remembers them they have to lock their screens. Some even shared that they do it even at home :-)If I think I can use some of your ideas, I'll let you know and make sure I refer to you correctly.
Submitted November 17, 2017 at 06:23PM by johanvdpluijm
via reddit http://ift.tt/2zLoJlr
reddit
Awareness about InfoSec: How do you deal with this? • r/security
Hi all, I am a student, working on InfoSec since almost three months at an IT-company. Before that, I did not know anything about it. I am no...
Best folder security...
https://www.youtube.com/watch?v=1XG0Egc3Fjg
Submitted November 17, 2017 at 06:21PM by numanrajput2425
via reddit http://ift.tt/2A7YE0T
https://www.youtube.com/watch?v=1XG0Egc3Fjg
Submitted November 17, 2017 at 06:21PM by numanrajput2425
via reddit http://ift.tt/2A7YE0T
YouTube
Best Folder Lock Wise Folder Hider Pro Registered with Link
Best Folder Lock Wise Folder Hider Pro download plus registration link download and extract it with winrar or any other u want and in video installation meth...
afl-unicorn: Fuzzing Arbitrary Binary Code
http://ift.tt/2hXgtEY
Submitted November 17, 2017 at 06:09PM by maxxori
via reddit http://ift.tt/2zMhb1r
http://ift.tt/2hXgtEY
Submitted November 17, 2017 at 06:09PM by maxxori
via reddit http://ift.tt/2zMhb1r
Hacker Noon
afl-unicorn: Fuzzing Arbitrary Binary Code
Enabling the cutting-edge benefits of AFL on piece of binary you can emulate
High-Tech Bridge unveils free application discovery and inventory service
http://ift.tt/2mvGO1D
Submitted November 17, 2017 at 06:08PM by alexmeisterq
via reddit http://ift.tt/2hxmveP
http://ift.tt/2mvGO1D
Submitted November 17, 2017 at 06:08PM by alexmeisterq
via reddit http://ift.tt/2hxmveP
Help Net Security
High-Tech Bridge unveils free application discovery and inventory service - Help Net Security
High-Tech Bridge announce the public launch of ImmuniWeb Discovery. The free service is a part of the ImmuniWeb Application Security Testing (AST) Platform.
Google: Our hunt for hackers reveals phishing is far deadlier than data breaches
http://ift.tt/2ArEcEe
Submitted November 17, 2017 at 06:36PM by speckz
via reddit http://ift.tt/2yQ8jEL
http://ift.tt/2ArEcEe
Submitted November 17, 2017 at 06:36PM by speckz
via reddit http://ift.tt/2yQ8jEL
ZDNet
Google: Our hunt for hackers reveals phishing is far deadlier than data breaches
Phishing attackers love using Gmail.
Decentralization means higher satisfaction levels
Smart companies tend to decentralize their operations in order to improve customer satisfaction levels. Firms achieve this by introducing regional clusters. These clusters operate in their specific zone, thus they tend to be better adapted to business environment of the exact area. In addition, clusters cut the time required for any given transaction to go through. Hence why METRUMCOIN is going to use regional clusters. That along with other benefits of METRUMCOIN would lead to high levels of your satisfaction and high speed of transactions. METRUMCOIN appreciates every customer. https://metrumcoin.com/
Submitted November 17, 2017 at 06:34PM by Metrumcoin
via reddit http://ift.tt/2ATUSoV
Smart companies tend to decentralize their operations in order to improve customer satisfaction levels. Firms achieve this by introducing regional clusters. These clusters operate in their specific zone, thus they tend to be better adapted to business environment of the exact area. In addition, clusters cut the time required for any given transaction to go through. Hence why METRUMCOIN is going to use regional clusters. That along with other benefits of METRUMCOIN would lead to high levels of your satisfaction and high speed of transactions. METRUMCOIN appreciates every customer. https://metrumcoin.com/
Submitted November 17, 2017 at 06:34PM by Metrumcoin
via reddit http://ift.tt/2ATUSoV
Examining the value of Android's SafetyNet Attestation as an Application Integrity Security Control
http://ift.tt/2hGHGz5
Submitted November 17, 2017 at 07:27PM by pwnwaffe
via reddit http://ift.tt/2zN8xQz
http://ift.tt/2hGHGz5
Submitted November 17, 2017 at 07:27PM by pwnwaffe
via reddit http://ift.tt/2zN8xQz
Census-Labs
CENSUS | IT Security Works
Google promotes the SafetyNet Attestation API as a tool to query and assess the integrity status of an Android device. The official documentation, leaves no doubt that the main purpose of the SafetyNet Attestation API is to provide device integrity information…
Security In 5: Episode 114 - Tools, Tips and Tricks - Have I Been Pwned
http://ift.tt/2zMzX8V
Submitted November 17, 2017 at 07:39PM by BinaryBlog
via reddit http://ift.tt/2hAgAFY
http://ift.tt/2zMzX8V
Submitted November 17, 2017 at 07:39PM by BinaryBlog
via reddit http://ift.tt/2hAgAFY
Libsyn
Security In Five Podcast: Episode 114 - Tools, Tips and Tricks - Have I Been Pwned
One of the top websites to keep you informed of your security risks is Have I Been Pwned. This website allows you to search for your email account(s) to see if they have been part of any breaches. This website is critical to keep tabs on your privacy and…
Security Now 637 Schneier on Equifax | TWiT.TV
http://ift.tt/2AKkdkP
Submitted November 17, 2017 at 08:17PM by dmp1ce
via reddit http://ift.tt/2mzKorL
http://ift.tt/2AKkdkP
Submitted November 17, 2017 at 08:17PM by dmp1ce
via reddit http://ift.tt/2mzKorL
TWiT.tv
Security Now 637 Schneier on Equifax | TWiT.TV
This week we discuss why Steve won't be relying upon Face ID for security, a clever new hack of longstanding NTFS and Windows behavior, the Vault8 WikiLeaks news, the predictable r…
The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!
http://ift.tt/2vxWpB6
Submitted November 17, 2017 at 10:26PM by yourbasicgeek
via reddit http://ift.tt/2irZwD3
http://ift.tt/2vxWpB6
Submitted November 17, 2017 at 10:26PM by yourbasicgeek
via reddit http://ift.tt/2irZwD3
WSJ
The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!
Bill Burr’s 2003 report recommended using numbers, obscure characters and capital letters and updating regularly. As his advice is overturned, he feels regretful.
The Traditional Security Stack Must Evolve To Face Predatory Malware | BCW
http://ift.tt/2jy9u9b
Submitted November 17, 2017 at 11:20PM by SecurityTrust
via reddit http://ift.tt/2hGcgZp
http://ift.tt/2jy9u9b
Submitted November 17, 2017 at 11:20PM by SecurityTrust
via reddit http://ift.tt/2hGcgZp
Business Computing World | Inspirational IT Thought Leaders Blog
The Traditional Security Stack Must Evolve To Face Predatory Malware | BCW
When it comes to security, we are in a state of flux. Firewalls combined with other solutions, which make up the typical security stack today, are being neutralised and investments made irrelevant by the level of predatory malware being used in cyberattacks.…
Termination of the certificates business of StartCom
http://ift.tt/2zOkZ2x
Submitted November 17, 2017 at 11:54PM by grepnork
via reddit http://ift.tt/2A9eecw
http://ift.tt/2zOkZ2x
Submitted November 17, 2017 at 11:54PM by grepnork
via reddit http://ift.tt/2A9eecw
Google
Google Groups
Google Groups allows you to create and participate in online forums and email-based groups with a rich experience for community conversations.