A detailed review of hundreds of the most popular US federal websites shows that, year over year, most continue to fall short of security and technical requirements set by the federal government, as well as industry standards for web design and development.
http://ift.tt/2AaYHIP
Submitted November 28, 2017 at 09:58PM by EvanConover
via reddit http://ift.tt/2AfKx94
Infosecurity Magazine
Federal Websites Still Lack Basic Security
Only 71% of all the reviewed websites passed the SSL test.
New NSA leak exposes Red Disk, the Army's failed intelligence system
http://ift.tt/2AEhTPE
Submitted November 28, 2017 at 09:47PM by Shin_Ichi
via reddit http://ift.tt/2ic45Em
ZDNet
Exclusive: NSA hit by yet another leak
The leak marks at least the fifth exposure of NSA-related data in as many years.
Kernel Exploit Demo - Windows 10 privesc via WARBIRD
http://ift.tt/2ABfzZI
Submitted November 28, 2017 at 10:13PM by HenrySeldon
via reddit http://ift.tt/2AcJrKW
XPN InfoSec Blog
Kernel Exploit Demo - Windows 10 privesc via WARBIRD
In this post I wanted to take a look at something which I touched on previously, and that is just how a Windows kernel based exploit achieves privilege escalation. Rather than take something like HackSys Extreme Vulnerable Windows Driver, I wanted to work…
Phishing using C# and InfoPath - The Phishing Path to Info We Missed.
http://ift.tt/2ndKBRu
Submitted November 28, 2017 at 09:54PM by checky
via reddit http://ift.tt/2iay6EJ
Obscurity Labs
THE {PHISHING} {PATH} TO {INFO} WE MISSED
TL;DR: InfoPath is a fantastic way to run custom C# code, and we missed it as an attack vector sadly. At the moment it has been deprecated, but don't fret it's still everywhere! So what is InfoPath; merely put InfoPath is a forms-creation and data-gathering…
Terror exploit kit goes HTTPS all the way
http://ift.tt/2zxQ872
Submitted November 28, 2017 at 09:49PM by EvanConover
via reddit http://ift.tt/2zzrGCF
Malwarebytes Labs
Terror exploit kit goes HTTPS all the way - Malwarebytes Labs
A look at some techniques used by the Terror exploit kit to evade traffic-based detection.
Help build an open-source, minimalistic, logless, anonymous room-based chat application in Node.JS - INDSTIL
http://ift.tt/2ncPpH0
Submitted November 28, 2017 at 11:03PM by Dellitsni
via reddit http://ift.tt/2zMB9KT
GitHub
dellitsni/indstil
indstil - A stripped-down, simple and easy-to-use open source chat application, based on rooms and without registration.
Requesting tips on getting Security+ certification
I am looking to get a Security+ certification. I'm not very familiar with who issues this certification. I found CompTIA which offers a bundle with some kind of course (that has bad reviews) and a test, and retest coupon for about $500 USD right now. Is this the best use of my money? Are there better companies to go with? Thank you for your time.
Submitted November 28, 2017 at 10:51PM by Aro2220
via reddit http://ift.tt/2nhyrr5
reddit
Requesting tips on getting Security+ certification • r/security
I am looking to get a Security+ certification. I'm not very familiar with who issues this certification. I found CompTIA which offers a bundle...
Frida Engage Part Two | Shellcoding an Arm64 In-Memory Reverse TCP Shell with Frida
http://ift.tt/2iZUu0N
Submitted November 28, 2017 at 11:21PM by rotlogix_
via reddit http://ift.tt/2k5HMAV
Calculating financial loss from IT security risk
http://ift.tt/2k4jtDk
Submitted November 28, 2017 at 11:35PM by nzwasp
via reddit http://ift.tt/2na2L6A
Security Breach Online
Calculating financial loss from IT security risk - Security Breach Online
A large part of IT Security is risk mitigation. Assessing the risks to your business and implementing controls to reduce the risk or accepting the risk.
If you are a united states resident please sign.
http://ift.tt/2zw2ctE
Submitted November 29, 2017 at 12:31AM by airconditioningboy
via reddit http://ift.tt/2Ah2QZ7
petitions.whitehouse.gov
We The People Call for The Resignation of FCC Chairman Ajit Varadaraj Pai | We the People: Your Voice in Our Government
Exploitabilities (SRM Video Series Part 2)
https://www.youtube.com/watch?v=TdvfU6Y_nGY
Submitted November 29, 2017 at 01:03AM by Uminekoshi
via reddit http://ift.tt/2j2FBef
YouTube
Exploitabilities (SRM Series Part 2)
This is the second part of our video series on Security Risk Management (SRM) which explains the concept of Exploitabilities: the intersection between vulner...
Login as 'root' with empty password after a few tries on MacOS High Sierra
https://twitter.com/lemiorhan/status/935578694541770752
Submitted November 29, 2017 at 01:48AM by mentalow
via reddit http://ift.tt/2zwGj9v
Twitter
Lemi Orhan Ergin
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
Nightmares Of 2017 – List Of Worst Data Security Breaches
http://ift.tt/2k8e8Lz
Submitted November 29, 2017 at 01:43AM by TechBiteMe
via reddit http://ift.tt/2Ai3kya
Tech Bite Me
Nightmares Of 2017 – List Of Worst Data Security Breaches | Tech Bite Me
Historical hacks come back to haunt, and recent breaches bite our behinds. The most threatening aspects of 2015 were the online privacy and security breach issues. If you think last year's 3 billion data-breaching records were terrible, this year has been…
How Bots Broke the FCC's Public Comment System
http://ift.tt/2Bk9BIX
Submitted November 29, 2017 at 02:45AM by xxfalcon69
via reddit http://ift.tt/2i0MOue
WIRED
How Bots Broke the FCC's Public Comment System
The FCC's net neutrality public comment period was overrun with bots, making it all but impossible for any one voice to be heard. That's not how this is supposed to work.
Recent Banking Trojan in Google Play Highlights the Importance of CAST - Contextually Aware Security Testing
http://ift.tt/2j1Ru3L
Submitted November 29, 2017 at 03:02AM by Mi3Security
via reddit http://ift.tt/2BkXc7P
Mi3 Security
Recent Banking Trojan in Google Play Highlights the Importance of CAST
Recently another piece of malware reared its head again inside the Google Play store. These recent examples of malware evading traditional up-front and one-time application scanning techniques underscore the importance of building a holistic risk profile…
PSA: Bitcoin Gold (BTG) Official Windows Wallet App Might Have Been Compromised
http://ift.tt/2jt85ND
Submitted November 29, 2017 at 02:58AM by speckz
via reddit http://ift.tt/2j1NbWt
BleepingComputer
PSA: Bitcoin Gold (BTG) Official Windows Wallet App Might Have Been Compromised
The team behind the Bitcoin Gold (BTG) cryptocurrency have issued a security alert warning all users about a security incident involving the official Windows wallet application offered for download via its official website.
High Sierra: root with empty password
http://ift.tt/2j1F0sW
Submitted November 29, 2017 at 02:17AM by MantridDrones
via reddit http://ift.tt/2Ae51yF
Symantec Encryption Desktop Local Privilege Escalation
http://ift.tt/2if0KEx
Submitted November 29, 2017 at 05:20AM by eth_
via reddit http://ift.tt/2BxmwII
Nettitude Labs
Symantec Encryption Desktop Local Privilege Escalation – Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS
Note: These vulnerabilities remain unpatched at the point of publication. We have been working with Symantec to try and help them to fix this since our initial private disclosure in July 2017 (ful…
HP stealthily installs spyware called HP Touchpoint Analytics Client
http://ift.tt/2AEnOEf
Submitted November 29, 2017 at 06:04AM by RandomCollection
via reddit http://ift.tt/2AFs4Uj
Computerworld
HP stealthily installs spyware called HP Touchpoint Analytics Client
It isn’t clear how the spying driver gets installed, but if you have an HP machine, locating and deleting the offending “service” takes just a few minutes.
Security Services in London to the Rich and Famous
http://ift.tt/Dcsx2A
Submitted November 29, 2017 at 05:40AM by guardsguy00
via reddit http://ift.tt/2jxlDay
Wfuzz Web Application Penetration Testing With Wfuzz
http://ift.tt/EfiePv
Submitted November 29, 2017 at 06:27AM by berkdusunurx
via reddit http://ift.tt/2jugPmC
reddit
Wfuzz Web Application Penetration Testing With Wfuzz • r/netsec