Collection of bugs in over 30 email clients to spoof sender and inject code
http://ift.tt/2zPCiND
Submitted December 05, 2017 at 03:23PM by tellersiim
via reddit http://ift.tt/2ntM5HA
reddit
Collection of bugs in over 30 email clients to spoof... • r/security
Who should take over my infosec awareness program after I leave?
I have the following situation: we have a team of People Operations with experience in training people. Some of them are part of the information security team. Will it be good to let them do the awareness training, information security updates in general meetings, etc., or should the CISO do this? The reason the CISO could be a good option (regardless of presentation skills) is the fact this person is the one in charge of infosec and therefore has authority. The awareness program is also the #1 way to make yourself visible in relation to infosec. I am the one running the program atm and the most visible because of this, so I am sure of this point about visibility. In other words: Should we choose for authority or training skills? (Best option is to combine both but atm that is not an option. Later on, the CISO could be sent to presentation training courses.) Our plan for now: I am the intern working on awareness, so I will continue my program until I leave. In the meantime, I will gradually hand over the program to my company counselor (who also is the project manager for the certification, management representative of infosec and director People Operations), with the CISO as number 2 for the program. The company counselor will do the offline courses and the general meeting parts (he already is the one leading the general meeting) and the CISO will be the person for E-learning and phishing as well as backup for the offline training. Please let me know what you think. I prefer to receive constructive feedback.
Submitted December 05, 2017 at 03:20PM by johanvdpluijm
via reddit http://ift.tt/2zO1R1G
reddit
Who should take over my infosec awareness program... • r/security
Locksmith solution in Luton
http://ift.tt/2nudN6P
Submitted December 05, 2017 at 03:18PM by JohnBrown22
via reddit http://ift.tt/2zPUtTk
www.carlocksmithsluton.co.uk
Car Locksmiths Luton | J A V Auto Locksmiths | Locksmith Service Luton/Auto Locksmith Luton/Van Locksmith Luton/Locksmith Luton/Emergency…
Car Locksmiths Luton, Locksmith Service Luton, Auto Locksmith Luton, Van Locksmith Luton, Locksmith Luton, Emergency Locksmith Luton, Key Cutting Luton, Digital Locks Fitted Luton, Car Key Repairs Luton
Pentest Toolbox Additions 2017
http://ift.tt/2iTGPvp
Submitted December 05, 2017 at 02:44PM by nanooonanooo
via reddit http://ift.tt/2AQTSEN
The State of Security
Pentest Toolbox Additions 2017
In this post, I highlight some of the useful pentesting tools I’ve started to use this past year. Welcome to, "Pentest Toolbox Additions 2017".
According to Keeper survey, >80% of ppl reuse a password across multiple accounts, which increases the risk of getting hacked. According to Dashlane, 100 accounts are registered to a single e-mail, and people change their PWs 37 times per year. How to Survive the Overwhelming Explosion of Passwords?
http://ift.tt/2BJQJnS
Submitted December 05, 2017 at 04:39PM by jaanv
via reddit http://ift.tt/2kkxr47
reddit
According to Keeper survey, >80% of ppl reuse a... • r/security
Mailsploit: a collection of bugs in email clients that allow effective sender spoofing and code injection attacks
http://ift.tt/2AX8B1r
Submitted December 05, 2017 at 05:52PM by 0xdea
via reddit http://ift.tt/2AqHwT4
reddit
Mailsploit: a collection of bugs in email clients that... • r/netsec
Barclays stopped offering free Russian anti-virus software
http://ift.tt/2BxBmxX
Submitted December 05, 2017 at 05:36PM by campuscodi
via reddit http://ift.tt/2AwzpCD
E Hacking News - Latest Hacker News and IT Security News
Barclays stopped offering free Russian anti-virus software
Latest Information Security and hacker news site. Know about cyber crime and law. Cyber Security updates to improve your network security
Security In 5: Episode 125 - OWASP Top 10 - A8 - Cross Site Request Forgery
http://ift.tt/2AQP02z
Submitted December 05, 2017 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2iRY544
Libsyn
Security In Five Podcast: Episode 125 - OWASP Top 10 - A8 - Cross Site Request Forgery
The OWASP Top 10 series continues on to number 8, Cross Site Script Forgery. This vulnerability is about how applications take input and requests and about how they could be forged to be sent elsewhere. Verify the calls or randomize the code to help avoid…
Virtual Keyboard Developer Leaked 31 Million of Client Records
http://ift.tt/2AyGZga
Submitted December 05, 2017 at 08:45PM by FireFart
via reddit http://ift.tt/2AZZwov
MacKeeper™ Security Research Center
Virtual Keyboard Developer Leaked 31 Million of Client Records
31 Million Client Registration Files Leaked by Personalized Keyboard Developer.
How To Tell If Your Linux Server Has Been Compromised
http://ift.tt/2An1mi7
Submitted December 05, 2017 at 09:32PM by speckz
via reddit http://ift.tt/2iThm5o
bash-prompt.net
Linux Guides For Linux Users
Bash-Prompt.net is a site dedicated to providing high quality linux guides
Cryptocurrency Hype is Creating Mobile Application Security Risk
http://ift.tt/2ASO8ua
Submitted December 05, 2017 at 09:18PM by Mi3Security
via reddit http://ift.tt/2iVV17e
Mi3 Security
Cryptocurrency Hype is Creating Mobile Application Security Risk
The cryptocurrency market is rapidly emerging, changing and growing exponentially. All this excitement, growth and money being invested in the cryptocurrency market has brought with it many mobile applications, many of which contain security risks.
How CISOs Can Successfully Talk Security to CEOs
http://ift.tt/2nsdLfT
Submitted December 05, 2017 at 09:59PM by CrankyBear
via reddit http://ift.tt/2Ayp09C
Security Boulevard
How CISOs Can Successfully Talk Security to CEOs
One of the toughest jobs in security is communicating risk to business leadership. Here are tips to help connect with the CEO and Board.
Critical RCE in Android media framework, among other issues
http://ift.tt/2BxmH5O
Submitted December 05, 2017 at 10:37PM by bro_can_u_even_carve
via reddit http://ift.tt/2kq9t7P
reddit
Critical RCE in Android media framework, among other issues • r/netsec
How RSA Works: TLS Foundations
http://ift.tt/2iX924j
Submitted December 05, 2017 at 11:34PM by kavb
via reddit http://ift.tt/2zOrGOZ
Fly Articles
How RSA Works: TLS Foundations
RSA is a foundational algorithm within modern Cryptography. If we understand how RSA is working behind the curtains then we'll have an excellent framework to better understand TLS. When we contrast RSA to the more modern ECDSA, we'll see just how sophisticated…
Need help determining if computers have been compromised.
I have to keep this slightly vague due to confidentiality. But I am currently working as an intern for a very small company. I am currently a Security Risk Analysis major and my internship has definitely over ranked my skills. There are no mentors in terms of security and they have given me an assignment to go to one of the businesses we work with and search their computers for malware. The description of the situation is that the company is separating from their partner and the owner is convinced the partner has infected their computers with viruses/malware/spyware that he has no actual proof of. I went there once and did the basics: ran some virus scans and other simple checks. They came back with only one malicious file, which I looked further into, and it was a very common thing (most likely something from the partner). I have to go back tomorrow now because the virus scan wasn't good enough for them. I have no idea how to find this or what I should do. Can anyone give me some advice on how I can find or prove that there is nothing wrong with their computers?
Submitted December 06, 2017 at 12:24AM by dk_beats
via reddit http://ift.tt/2jhLMep
reddit
Need help determining if computers have been... • r/security
Humble Book Bundle: Network & Security Certification is now live
http://ift.tt/2AxNHCY
Submitted December 06, 2017 at 01:22AM by ungarsd
via reddit http://ift.tt/2AukjQ3
Humble Bundle
Humble Book Bundle: Network & Security Certification by Wiley
Pay what you want for networking and security ebooks and support charity!
Thinking in Graphs: Exploring with Timesketch
http://ift.tt/2BML0Oi
Submitted December 06, 2017 at 02:02AM by j4711
via reddit http://ift.tt/2iXwA9x
Medium
Thinking in Graphs: Exploring with Timesketch
As an incident response engineer at Google, nearly every incident I’ve investigated leads to one common truth: relationships between events…
Securing Home Network
Hello, I have a quick question. I am a Security Administrator at a local IT company, and I also attend high school (I am a senior) and a local career center for Cybersecurity... I have had NAT issues in the past (on Xbox) with my ISP, and so I requested that I would be given a Public IP address, as at the time, I figured that was the best option, after attempting to configure port forwarding, DMZ, etc. with no success. Now that I am a Security Administrator, and have more knowledge in this field, what would the best course of action be? Should I ask to be given a private IP again, and try and take my hand at port forwarding again? Or is there a way I can secure my own network internally without relying on the ISP? It would be nice to be able to manage my own network's security, but I'm not sure if it is the best idea, let alone the best way to achieve that. Thank you in advance!
Submitted December 06, 2017 at 02:29AM by ksyolsen
via reddit http://ift.tt/2AZSQa2
reddit
Securing Home Network • r/security
Complete Guide to Security Awareness Program Plan Strategy
http://ift.tt/2jVAr3c
Submitted December 06, 2017 at 05:36AM by Inkyandthebrain
via reddit http://ift.tt/2imvZKu
Habitu8
Security Awareness Program Plan & Strategy Guide - Habitu8
Are you starting a security awareness training program from the ground up? Save time by using Habitu8's time-tested strategy guide as your framework!
Network Forensic Puzzles
Hello, I am hoping some of you are familiar with the content over at http://ift.tt/193Dhw0. If you are not, they are network forensic puzzles where they supply the pcap file and ask questions about the content/data that can be found in the pcap files. I am curious as to what level of experience these puzzles are designed for. Are these something a novice should know how to do or are these expert level puzzles? Any input is much appreciated.
Submitted December 06, 2017 at 06:04AM by PacketCruiser
via reddit http://ift.tt/2BLWAZY
reddit
Network Forensic Puzzles • r/security
Hello, I am hoping some of you are familiar with the content over at http://forensicscontest.com/puzzles. If you are not, they are network...
Incoming Mailsploit is here.
http://ift.tt/2AQQ2vx
Submitted December 06, 2017 at 07:38AM by vadermuscle
via reddit http://ift.tt/2AyFnD1
BleepingComputer
Mailsploit Lets Attackers Send Spoofed Emails on Over 33 Email Clients
German security researcher Sabri Haddouche has discovered a set of vulnerabilities that he collectively refers to as Mailsploit, and which allow an attacker to spoof email identities, and in some cases, run malicious code on the user's computer.