"lspitzner"
http://ift.tt/2izMun0
Submitted November 20, 2017 at 11:37PM by volci
via reddit http://ift.tt/2zYmrNw
securingthehuman.sans.org
Security Awareness Blog | lspitzner
Security Awareness Blog blog pertaining to lspitzner
VU#817544. Windows ASLR Vulnerability
http://ift.tt/2zaxJ4a
Submitted November 20, 2017 at 11:35PM by bagaudin
via reddit http://ift.tt/2AWSOvq
www.kb.cert.org
Vulnerability Note VU#817544 - Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is…
Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up…
VU#817544. Windows ASLR Vulnerability
http://ift.tt/2zaxJ4a
Submitted November 20, 2017 at 11:48PM by bagaudin
via reddit http://ift.tt/2zll52F
www.kb.cert.org
Vulnerability Note VU#817544 - Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is…
Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up…
TP-Link serves no or outdated firmware on 30% of its European websites
http://ift.tt/2B7qDuP
Submitted November 20, 2017 at 11:29PM by Aeyoun
via reddit http://ift.tt/2hF1n6q
Ctrl blog
TP-Link serves outdated or no firmware at all on 30% of its European websites
TP-Link uses the same firmware in most of Europe, but fails to keep their regional websites up to date with the latest versions.
Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts
http://ift.tt/2zNGmAN
Submitted November 21, 2017 at 12:02AM by volci
via reddit http://ift.tt/2AXWhd7
The Hacker News
Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts
Security researchers have discovered a new variant of Terdot banking Trojan that steals social media and email accounts as well, along with bank account details.
A Sheep in Wolf’s Clothing – Finding RCE in HP’s Printer Fleet
http://ift.tt/2zmhbGJ
Submitted November 21, 2017 at 01:01AM by breen-machine
via reddit http://ift.tt/2zSwfLF
Foxglovesecurity
A Sheep in Wolf’s Clothing – Finding RCE in HP’s Printer Fleet
By @breenmachine Sometimes the marketing department goes a little too far. Most of us who work in security have been there, non-technical people enthusiastic about selling the technical feat…
"The Security Awareness Board Game - At the EU #SecAwareSummit"
http://ift.tt/2mIBkRc
Submitted November 21, 2017 at 01:37AM by volci
via reddit http://ift.tt/2hQRwhE
securingthehuman.sans.org
Security Awareness Blog | The Security Awareness Board Game - At the EU #SecAwareSummit
Security Awareness Blog blog pertaining to The Security Awareness Board Game - At the EU #SecAwareSummit
OWASP Top 10 - 2017 (pdf)
http://ift.tt/2z4aViD
Submitted November 21, 2017 at 02:21AM by based2
via reddit http://ift.tt/2B7UFye
Man gets threats—not bug bounty—after finding DJI customer data in public view
http://ift.tt/2zbOV9y
Submitted November 21, 2017 at 02:51AM by speckz
via reddit http://ift.tt/2hPzY5q
Ars Technica
Man gets threats—not bug bounty—after finding DJI customer data in public view
A bug bounty hunter shared evidence; DJI called him a hacker and threatened with CFAA.
[Part 1] - Analysis the new Linux/AES.DDoS IoT malware
http://ift.tt/2mM3DhP
Submitted November 21, 2017 at 03:28AM by LloydLabs
via reddit http://ift.tt/2izGRFi
reddit
[Part 1] - Analysis the new Linux/AES.DDoS IoT malware • r/netsec
reddit: the front page of the internet
Intel audits their management engine and surprises fucking nobody
http://ift.tt/2iAjwDe
Submitted November 21, 2017 at 03:21AM by SlackerCrewsic
via reddit http://ift.tt/2AYeI1v
reddit
Intel audits their management engine and surprises... • r/netsec
3 points and 1 comments so far on reddit
Mobile banking Trojan sneaks into Google Play targeting Wells Fargo, Chase and Citibank customers
http://ift.tt/2z2CvNa
Submitted November 21, 2017 at 04:05AM by EvanConover
via reddit http://ift.tt/2zlakNN
Avast
Mobile banking Trojan sneaks into Google Play targeting Wells Fargo, Chase and Citibank customers
Malicious mobile BankBot Trojan injected into everyday apps, taking advantage of unknowing users whose banking apps could be compromised
[Part 1] - Analysing the new Linux/AES.DDoS IoT malware.
http://ift.tt/2mM3DhP
Submitted November 21, 2017 at 03:49AM by LloydLabs
via reddit http://ift.tt/2jH3fA1
reddit
[Part 1] - Analysing the new Linux/AES.DDoS IoT malware. • r/netsec
1 points and 0 comments so far on reddit
The Humble Book Bundle: Java presented by O’Reilly is Live
http://ift.tt/2znSCcf
Submitted November 21, 2017 at 04:28AM by 13378
via reddit http://ift.tt/2hFVfuL
Humble Bundle
Humble Book Bundle: Java by O'Reilly
Pay what you want for books on Java and support charity!
"New" attacks on TLS / HTTPS
http://ift.tt/2zUS2SC
Submitted November 21, 2017 at 04:23AM by agrrrdog
via reddit http://ift.tt/2hFgq07
GitHub
GrrrDog/TLS-Redirection
TLS-Redirection - TLS Redirection
Over 400 of the World's Most Popular Websites Record Your Every Keystroke, Princeton Researchers Find
http://ift.tt/2jEXv9L
Submitted November 21, 2017 at 05:56AM by oneultralamewhiteboy
via reddit http://ift.tt/2hPUR0A
Motherboard
Over 400 of the World's Most Popular Websites Record Your Every Keystroke, Princeton Researchers Find
“Session replay scripts” can be used to log (and then playback) everything you typed or clicked on a website.
How would one setup to start pen testing?
Put random unsecured boxes on the net and have at it? Is there an index of unsecured boxes to test on maybe if you pay? Want to get a better idea of what is possible from an attacker's position. Thank you for your input and have a good one.
Submitted November 21, 2017 at 11:37AM by Darknezz19
via reddit http://ift.tt/2hPGHg2
reddit
How would one setup to start pen testing? • r/security
Put random unsecured boxes on the net and have at it? Is there an index of unsecured boxes to test on maybe if you pay? Want to get a better...
Government Cyber Security News - Cyware
http://ift.tt/2zUA1nm
Submitted November 21, 2017 at 01:37PM by cywarelabs
via reddit http://ift.tt/2hJlIaY
Cyware
Government Cyber Security News | Cyber Security Infrastructure | Cyware
Cyware Presents Cyber News on the go. Receive Brief extracts of important government cyber security news articles, to keep you informed of the cyber incidents around the world.
7 Tips to Secure All Your Data and Network Endpoints
http://ift.tt/2mL6esh
Submitted November 21, 2017 at 02:29PM by jbirdsin
via reddit http://ift.tt/2jKaBCQ
dzone.com
7 Tips to Secure All Your Data and Network Endpoints - DZone Security
A look at what dev teams and CISOs can do to ensure the security of their data and network when using a third-party service for data management/security.
Research firm fools iPhone X's Face ID with cheap mask
http://ift.tt/2B8I4v1
Submitted November 21, 2017 at 09:06AM by mycall
via reddit http://ift.tt/2hQOYQP
Technobuffalo
Research firm fools iPhone X’s Face ID with cheap mask
Before the iPhone X launched, Apple claimed the device’s Face ID system was very unlikely to be fooled. But according to Vietnamese cybersecurity firm Bkav, Apple’s technology was spoofed using a mask that cost only $150 to make.
Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets
http://ift.tt/2AYA9iS
Submitted November 21, 2017 at 03:02PM by thijser2
via reddit http://ift.tt/2mKreza
www.theregister.co.uk
Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets
Bugs can be exploited to extract info, potentially insert rootkits