The BSidesSF 2020 CFP is now closed. See all our amazing speakers February 22-24, 2020 in San Francisco.Questions? E-mail program [at] bsidessf.org

The German Interior Minister is preparing a law that will force device manufacturers to include backdoors within their products that law...

Google gives Administrators new ways to lock down the browser.

Where we encounter the problem of applying the most modern security model we have to the most capable data centers we run and discover the two may come from different eras.

Service accounts are commonly created as part of an application's installation procedure and can lead to significant security risks

7 points and 3 comments so far on reddit

@TroyHunt #DataSecurity #authentication #databreaches

This week we discuss the long-awaited end of StartCom & StartSSL, inside last week's macOS passwordless root account access and problems with Apple's patches, the question of A…

In this blog post i will cover QNX's Qnet native networking protocol and an Elevation of Privilege vulnerability (CVE-2017-3891) i discovered in it.

Yesterday I gave a talk at Black Hat about my recent research with Disco.
I've introduced both the Strobe protocol framework and the Noise protocol framework in the past. So I won't go over them again, but I advise you to read these two blog posts before…

A new bill could send company executives to jail if they fail to disclose a cybersecurity event to the public within a reasonable amount of time, or intentionally attempt to conceal it.

"Based on the leaked database they appear to collect everything from contacts to keystrokes," researchers said.

A behind-the-scenes look at the hacks in “eps3.8_stage3.torrent”, featuring memory forensics, rootkits, fuzzing, covert C2, and more!

Microsoft Issues Emergency Patch For 'Critical' RCE Bug (CVE-2017-11937) in Windows Malware Protection Engine

6 points and 4 comments so far on reddit

… and it was still in use for more than 100 days after the initial report

3 points and 0 comments so far on reddit

In June 2017, JPCERT/CC released a report “Detecting Lateral Movement through Tracking Event Logs” on tools and commands that are likely used by attackers in lateral movement, and traces that are left on Windows OS as a result of such...

This week's TTT episode talks about the cloud file, note and thought organizer Evernote. Over the years Evernote has solidified themselves as a robust, feature full online cloud and productivity tool. Use it to store receipts, manuals, web articles, thoughts…