Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]
http://ift.tt/2j1F0sW
Submitted November 29, 2017 at 06:21AM by Reddfish
via reddit http://ift.tt/2Bk6iS0
http://ift.tt/2j1F0sW
Submitted November 29, 2017 at 06:21AM by Reddfish
via reddit http://ift.tt/2Bk6iS0
reddit
Major macOS High Sierra Bug Allows Full Admin Access... • r/netsec
15 points and 1 comments so far on reddit
root on macOS might be accessible without a password
https://twitter.com/lemiorhan/status/935578694541770752
Submitted November 29, 2017 at 01:33AM by LawnGnome
via reddit http://ift.tt/BZwCDD
https://twitter.com/lemiorhan/status/935578694541770752
Submitted November 29, 2017 at 01:33AM by LawnGnome
via reddit http://ift.tt/BZwCDD
Twitter
Lemi Orhan Ergin
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
FingBox vs BitDefender Box 2.0?
Hey, all! I’m interested in securing my home network, and was wondering if anybody could offer thoughts on the strengths and weaknesses of the FingBox (plus an off-the-shelf virus protection) vs the soon to be released BitDefender Box 2.0? It looks to me like the BD Box is expected to be much more comprehensive, offering continuous monitoring - but I can’t tell if this is packet sniffing?My home does have IoT, including Echo and smart devices, so I like the promise of BD Box 2 Protection - but I’m skeptical, after the less-than-stellar performance of their first gen unit.Any thoughts or advice?Thanks, all, in advance!
Submitted November 29, 2017 at 09:16AM by AmousAnon
via reddit http://ift.tt/2zz2qvX
Hey, all! I’m interested in securing my home network, and was wondering if anybody could offer thoughts on the strengths and weaknesses of the FingBox (plus an off-the-shelf virus protection) vs the soon to be released BitDefender Box 2.0? It looks to me like the BD Box is expected to be much more comprehensive, offering continuous monitoring - but I can’t tell if this is packet sniffing?My home does have IoT, including Echo and smart devices, so I like the promise of BD Box 2 Protection - but I’m skeptical, after the less-than-stellar performance of their first gen unit.Any thoughts or advice?Thanks, all, in advance!
Submitted November 29, 2017 at 09:16AM by AmousAnon
via reddit http://ift.tt/2zz2qvX
reddit
FingBox vs BitDefender Box 2.0? • r/security
Hey, all! I’m interested in securing my home network, and was wondering if anybody could offer thoughts on the strengths and weaknesses of the...
People are going nuts over Apple's root password bug. Reminds me of CVE-2016-4484. Sometimes holding enter is all you need
http://ift.tt/2ez4Sfu
Submitted November 29, 2017 at 10:13AM by ticoombs
via reddit http://ift.tt/2kavXJT
http://ift.tt/2ez4Sfu
Submitted November 29, 2017 at 10:13AM by ticoombs
via reddit http://ift.tt/2kavXJT
reddit
People are going nuts over Apple's root password bug.... • r/netsec
1 points and 2 comments so far on reddit
Pupy websocket transport writeup
http://ift.tt/2Bmxlft
Submitted November 29, 2017 at 02:23PM by n1nj4sec
via reddit http://ift.tt/2Af0Oe5
http://ift.tt/2Bmxlft
Submitted November 29, 2017 at 02:23PM by n1nj4sec
via reddit http://ift.tt/2Af0Oe5
Bit Rot
Pupy WebSocket Transport
Pupy WebSocket Transport Why Pupy? Pupy is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in Python. It’s easily …
Why "blank" Gets You Root on macOS
http://ift.tt/2igMg78
Submitted November 29, 2017 at 05:29PM by albinowax
via reddit http://ift.tt/2AjF7Kk
http://ift.tt/2igMg78
Submitted November 29, 2017 at 05:29PM by albinowax
via reddit http://ift.tt/2AjF7Kk
Objective-See
Why _blank_ Gets You Root
tracking down the cause of a serious authentication flaw
Attackers Exploit 17-Year-Old Bug to Deliver Malware via Cobalt Strike
http://ift.tt/2Aj2L9N
Submitted November 29, 2017 at 05:41PM by nanooonanooo
via reddit http://ift.tt/2Bw1YjD
http://ift.tt/2Aj2L9N
Submitted November 29, 2017 at 05:41PM by nanooonanooo
via reddit http://ift.tt/2Bw1YjD
The State of Security
Attackers Exploit 17-Year-Old Bug to Deliver Malware via Cobalt Strike
Malicious actors are exploiting a 17-year-old vulnerability to infect machines with malware using a component of the Cobalt Strike penetration tool.
Security online training & courses by ITSM
http://ift.tt/2j0EBae
Submitted November 29, 2017 at 06:47PM by lipsacademy
via reddit http://ift.tt/2BlMEVN
http://ift.tt/2j0EBae
Submitted November 29, 2017 at 06:47PM by lipsacademy
via reddit http://ift.tt/2BlMEVN
IT Security Mentor
Security online training - IT Security - Itsecuritymentor
Itsecuritymentor is complete package for IT security solutions, We provide Security online training & information security solutions to customer.
Yet Another Way of Getting root on High Sierra
https://twitter.com/xiam/status/935878591082049536
Submitted November 29, 2017 at 08:01PM by xiamk
via reddit http://ift.tt/2Ajj6Jb
https://twitter.com/xiam/status/935878591082049536
Submitted November 29, 2017 at 08:01PM by xiamk
via reddit http://ift.tt/2Ajj6Jb
Twitter
josé nieto
I found yet ANOTHER WAY of getting root on High Sierra w/o providing a password: 1. Open a terminal and type "su". 2. When asked for a password press {ARROW UP} and {ENTER} instead. 3. # PROFIT!!11 (doesn't work if you've already set a password for root)…
Security In 5: Episode 121 - Personal Security Tips For Holiday Shopping
http://ift.tt/2kaA08I
Submitted November 29, 2017 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2ijCTDQ
http://ift.tt/2kaA08I
Submitted November 29, 2017 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2ijCTDQ
Libsyn
Security In Five Podcast: Episode 121 - Personal Security Tips For Holiday Shopping
The holiday season is upon us and that means more trips to the stores and more purchases online. This also means the bad guys are increasing their patrols to steal, defraud and get your data. This episode lays out tips that you can can to strengthen your…
5 Reasons Cyber Defense Is Like Healthcare
http://ift.tt/2i0L9og
Submitted November 29, 2017 at 07:11PM by Uminekoshi
via reddit http://ift.tt/2j0gLeM
http://ift.tt/2i0L9og
Submitted November 29, 2017 at 07:11PM by Uminekoshi
via reddit http://ift.tt/2j0gLeM
Nehemiah Security
5 Reasons Cyber Defense Is Like Healthcare - Nehemiah Security
Let’s face it, enterprise information systems can be large, complex ecosystems that preclude anyone from completely understanding all aspects of them. Thirty years ago, a few endpoints were cobbled together on a single LAN and everyone marveled at how characters…
Anatomy of an ASP.NET Identity PasswordHash
http://ift.tt/2Akh1PO
Submitted November 29, 2017 at 06:57PM by ruidfigueiredo
via reddit http://ift.tt/2Bx4B4y
http://ift.tt/2Akh1PO
Submitted November 29, 2017 at 06:57PM by ruidfigueiredo
via reddit http://ift.tt/2Bx4B4y
The Blinking Caret
Anatomy of an ASP.NET Identity PasswordHash - The Blinking Caret
This blog post explains how password storage is performed in ASP.NET Identity V2 and V3. It provides a guide on how to manually create a PasswordHash.
Exploring cmdkey: An Edge Case for Privilege Escalation
http://ift.tt/2AlGSqg
Submitted November 29, 2017 at 06:33PM by swizzlez_
via reddit http://ift.tt/2iikwPw
http://ift.tt/2AlGSqg
Submitted November 29, 2017 at 06:33PM by swizzlez_
via reddit http://ift.tt/2iikwPw
Peew.pw
Exploring cmdkey: An Edge Case for Privilege Escalation
In this post we look at how credentials cached via cmdkey.exe can be used as a method of privilege escalation on an internal penetration test.
The Best Employee Monitoring Software of 2017
http://ift.tt/2Af1yjj
Submitted November 29, 2017 at 08:46PM by Ndubs526
via reddit http://ift.tt/2AkZ5lw
http://ift.tt/2Af1yjj
Submitted November 29, 2017 at 08:46PM by Ndubs526
via reddit http://ift.tt/2AkZ5lw
PCMAG
The Best Employee Monitoring Software of 2017
It's important to have visibility into what your onsite and remote employees are doing while on the clock. We test five employee monitoring tools for tracking user productivity, application and website activity, screen capture and alerts, and much more.
Conference calls present a significant and overlooked security gap in the enterprise, according to a new research study from LoopUp
http://ift.tt/2ijAjxu
Submitted November 29, 2017 at 09:08PM by EvanConover
via reddit http://ift.tt/2Aj0s6R
http://ift.tt/2ijAjxu
Submitted November 29, 2017 at 09:08PM by EvanConover
via reddit http://ift.tt/2Aj0s6R
Infosecurity Magazine
Conference Calls a ‘Significant & Overlooked’ Security Gap in the Enterprise
66% of professionals use the same passcodes to dial-in to calls for up to a year or more
Choosing a password manager
http://ift.tt/2kdjlSl
Submitted November 29, 2017 at 10:06PM by nzwasp
via reddit http://ift.tt/2Bwy26U
http://ift.tt/2kdjlSl
Submitted November 29, 2017 at 10:06PM by nzwasp
via reddit http://ift.tt/2Bwy26U
Security Breach Online
Choosing a password manager - Security Breach Online
Credential theft is a challenging vulnerability to mitigate since it exploits a feature - that users must be able to log on to networks
"How Can I Tell This is an Attack? - Amazon Support Phish"
http://ift.tt/2kaNwt9
Submitted November 29, 2017 at 09:52PM by volci
via reddit http://ift.tt/2AHQOLE
http://ift.tt/2kaNwt9
Submitted November 29, 2017 at 09:52PM by volci
via reddit http://ift.tt/2AHQOLE
securingthehuman.sans.org
Security Awareness Blog | How Can I Tell This is an Attack? - Amazon Support Phish
Security Awareness Blog blog pertaining to How Can I Tell This is an Attack? - Amazon Support Phish
Apple releases Security Update patching root password vulnerability for High Sierra.
http://ift.tt/2k9Gsgq
Submitted November 29, 2017 at 10:10PM by cuenta_tres
via reddit http://ift.tt/2ikLCp9
http://ift.tt/2k9Gsgq
Submitted November 29, 2017 at 10:10PM by cuenta_tres
via reddit http://ift.tt/2ikLCp9
Apple Support
About the security content of Security Update 2017-001
This document describes the security content of Security Update 2017-001.
ROKRAT Reloaded
http://ift.tt/2AmgYmg
Submitted November 29, 2017 at 10:08PM by kink0
via reddit http://ift.tt/2iiHdTN
http://ift.tt/2AmgYmg
Submitted November 29, 2017 at 10:08PM by kink0
via reddit http://ift.tt/2iiHdTN
Talosintelligence
ROKRAT Reloaded
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Gain Root Access ~Remotely~ with Newly Discovered Vulnerability Within macOS High Sierra
http://ift.tt/2zAewF7
Submitted November 29, 2017 at 10:38PM by goopcat
via reddit http://ift.tt/2j0I6xs
http://ift.tt/2zAewF7
Submitted November 29, 2017 at 10:38PM by goopcat
via reddit http://ift.tt/2j0I6xs
Independent Security Evaluators
Gain Root Access Remotely with Newly Discovered Vulnerability Within macOS High Sierra
How an attacker gains root remotely on macOS High Sierra (no password needed) and how to protect yourself from this vulnerability.
Security update for High Sierra root issue released
http://ift.tt/2k9Gsgq
Submitted November 29, 2017 at 09:51PM by faderprime
via reddit http://ift.tt/2AmTq0Z
http://ift.tt/2k9Gsgq
Submitted November 29, 2017 at 09:51PM by faderprime
via reddit http://ift.tt/2AmTq0Z
Apple Support
About the security content of Security Update 2017-001
This document describes the security content of Security Update 2017-001.