macOS High Sierra 10.13.1 insecure cron system
http://ift.tt/2BThGFI
Submitted December 08, 2017 at 03:29PM by lyinch
via reddit http://ift.tt/2AovEm0
http://ift.tt/2BThGFI
Submitted December 08, 2017 at 03:29PM by lyinch
via reddit http://ift.tt/2AovEm0
Equifax to Uber, executives could soon serve jail time over hacks
http://ift.tt/2njNMXQ
Submitted December 08, 2017 at 03:13PM by GemmaJ123
via reddit http://ift.tt/2jvbWdL
http://ift.tt/2njNMXQ
Submitted December 08, 2017 at 03:13PM by GemmaJ123
via reddit http://ift.tt/2jvbWdL
Fox Business
Equifax to Uber, executives could soon serve jail time over hacks
A new bill could send company executives to jail if they fail to disclose a cybersecurity event to the public within a reasonable amount of time, or intentionally attempt to conceal it.
Ai.Type data leak: 31 million users' personal data exposed due to MongoDB cloud configuration error
http://ift.tt/2iYf2dm
Submitted December 08, 2017 at 03:13PM by GemmaJ123
via reddit http://ift.tt/2kzp4BR
http://ift.tt/2iYf2dm
Submitted December 08, 2017 at 03:13PM by GemmaJ123
via reddit http://ift.tt/2kzp4BR
International Business Times UK
Ai.Type data leak: 31 million users' personal data exposed due to MongoDB cloud configuration error
"Based on the leaked database they appear to collect everything from contacts to keystrokes," researchers said.
Dark Army has 600k+ implants (Mr Robot ep3.8 writeup)
http://ift.tt/2AEWy85
Submitted December 08, 2017 at 03:48PM by fr3dsmith
via reddit http://ift.tt/2BhwDUZ
http://ift.tt/2AEWy85
Submitted December 08, 2017 at 03:48PM by fr3dsmith
via reddit http://ift.tt/2BhwDUZ
Medium
Mr. Robot Disassembled: eps3.8_stage3.torrent
A behind-the-scenes look at the hacks in “eps3.8_stage3.torrent”, featuring memory forensics, rootkits, fuzzing, covert C2, and more!
Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability
http://ift.tt/2A2rU5e
Submitted December 08, 2017 at 06:16PM by Got_Intel
via reddit http://ift.tt/2yOKgZk
http://ift.tt/2A2rU5e
Submitted December 08, 2017 at 06:16PM by Got_Intel
via reddit http://ift.tt/2yOKgZk
The Hacker News
Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability
Microsoft Issues Emergency Patch For 'Critical' RCE Bug (CVE-2017-11937) in Windows Malware Protection Engine
How I Hacked WhatsApp, and Added Contacts to Groups When Being Blocked
http://ift.tt/2A3gQF6
Submitted December 08, 2017 at 06:33PM by HUCK45
via reddit http://ift.tt/2B2nBuA
http://ift.tt/2A3gQF6
Submitted December 08, 2017 at 06:33PM by HUCK45
via reddit http://ift.tt/2B2nBuA
reddit
How I Hacked WhatsApp, and Added Contacts to Groups... • r/netsec
6 points and 4 comments so far on reddit
Microsoft leaks TLS private key for cloud ERP product (and it was still in use for more than 100 days after the initial report)
http://ift.tt/2AG2Bcy
Submitted December 08, 2017 at 06:29PM by grepnork
via reddit http://ift.tt/2AFnDG6
http://ift.tt/2AG2Bcy
Submitted December 08, 2017 at 06:29PM by grepnork
via reddit http://ift.tt/2AFnDG6
Medium
Microsoft leaks TLS private key for cloud ERP product
… and it was still in use for more than 100 days after the initial report
Another Flip in the Wall of Rowhammer Defenses
http://ift.tt/2hJFdDA
Submitted December 08, 2017 at 06:29PM by NagateTanikaze
via reddit http://ift.tt/2B3Pkv3
http://ift.tt/2hJFdDA
Submitted December 08, 2017 at 06:29PM by NagateTanikaze
via reddit http://ift.tt/2B3Pkv3
reddit
Another Flip in the Wall of Rowhammer Defenses • r/netsec
3 points and 0 comments so far on reddit
Detecting Lateral Movement through Tracking Event Logs (Version 2). By JPCERT
http://ift.tt/2imU0Ba
Submitted December 08, 2017 at 06:14PM by 2xyo
via reddit http://ift.tt/2nJOHRw
http://ift.tt/2imU0Ba
Submitted December 08, 2017 at 06:14PM by 2xyo
via reddit http://ift.tt/2nJOHRw
JPCERT/CC Blog
Research Report Released: Detecting Lateral Movement through Tracking Event Logs (Version 2)
In June 2017, JPCERT/CC released a report “Detecting Lateral Movement through Tracking Event Logs” on tools and commands that are likely used by attackers in lateral movement, and traces that are left on Windows OS as a result of such...
Security In 5: Episode 128 - Tools, Tips and Tricks - Evernote
http://ift.tt/2jwfv3v
Submitted December 08, 2017 at 07:31PM by BinaryBlog
via reddit http://ift.tt/2BPloiD
http://ift.tt/2jwfv3v
Submitted December 08, 2017 at 07:31PM by BinaryBlog
via reddit http://ift.tt/2BPloiD
Libsyn
Security In Five Podcast: Episode 128 - Tools, Tips and Tricks - Evernote
This week's TTT episode talks about the cloud file, note and thought organizer Evernote. Over the years Evernote has solidified themselves as a robust, feature full online cloud and productivity tool. Use it to store receipts, manuals, web articles, thoughts…
New Android vulnerability allows attackers to modify apps without affecting their signatures
http://ift.tt/2A2ieHV
Submitted December 08, 2017 at 08:06PM by speckz
via reddit http://ift.tt/2kDcLVg
http://ift.tt/2A2ieHV
Submitted December 08, 2017 at 08:06PM by speckz
via reddit http://ift.tt/2kDcLVg
GuardSquare
New Android vulnerability allows attackers to modify apps without affecting their signatures
A serious vulnerability (CVE-2017-13156) in Android allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. We have named…
OSCP Course & Exam Preparation
http://ift.tt/2j6Wdo6
Submitted December 08, 2017 at 08:32PM by 411Hall
via reddit http://ift.tt/2jwfdcP
http://ift.tt/2j6Wdo6
Submitted December 08, 2017 at 08:32PM by 411Hall
via reddit http://ift.tt/2jwfdcP
Ellingson Mineral
OSCP Course & Exam Preparation
Full disclosure I am not a penetration tester and I failed my OSCP exam twice before eventually passing on the third attempt. I owned more than 90% of boxes in the labs (including the big three) but when it came to the exam I just kept bombing out. I am…
A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?
http://ift.tt/2iqdHIn
Submitted December 08, 2017 at 10:45PM by EvanConover
via reddit http://ift.tt/2AFS66L
http://ift.tt/2iqdHIn
Submitted December 08, 2017 at 10:45PM by EvanConover
via reddit http://ift.tt/2AFS66L
Phishlabs
A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?
As more websites obtain SSL certificates, the number of potential HTTPS websites available for compromise increases.
Is the password Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa is as secure as HonestAbePassedOutFourScoreAndSevenBeersAgo? (same entropy)
x-post from my own comment on this threadAfter posting that I'm suddenly unsure of myself. I've always wondered if the number 1 was less secure than a 9, since the brute force guesses would presumably start at 1.
Submitted December 09, 2017 at 12:08AM by daweinah
via reddit http://ift.tt/2kcFH2y
x-post from my own comment on this threadAfter posting that I'm suddenly unsure of myself. I've always wondered if the number 1 was less secure than a 9, since the brute force guesses would presumably start at 1.
Submitted December 09, 2017 at 12:08AM by daweinah
via reddit http://ift.tt/2kcFH2y
reddit
Made a QR Code coaster for when I have guest and... • r/3Dprinting
reddit: the front page of the internet
Data exfiltration with Metasploit. Meterpreter DNS tunnel project pre-released
http://ift.tt/2BjMAdx
Submitted December 07, 2017 at 05:20AM by agrrrdog
via reddit http://ift.tt/2kC9iWZ
http://ift.tt/2BjMAdx
Submitted December 07, 2017 at 05:20AM by agrrrdog
via reddit http://ift.tt/2kC9iWZ
asintsov.blogspot.co.uk
Data exfiltration with Metasploit: meterpreter DNS tunnel
Meterpreter is a well-known Metasploit [1] remote agent for pentester's needs. This multi-staged payload is a good, flexible and easy-...
Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing
http://ift.tt/2kHJLMh
Submitted December 08, 2017 at 11:48PM by cwardnet
via reddit http://ift.tt/2AFYj2z
http://ift.tt/2kHJLMh
Submitted December 08, 2017 at 11:48PM by cwardnet
via reddit http://ift.tt/2AFYj2z
3 advanced prevention technologies expected to grow in 2018
http://ift.tt/2iEbOaO
Submitted December 09, 2017 at 01:02AM by SecurityTrust
via reddit http://ift.tt/2iIy4k2
http://ift.tt/2iEbOaO
Submitted December 09, 2017 at 01:02AM by SecurityTrust
via reddit http://ift.tt/2iIy4k2
CSO Online
3 advanced prevention technologies expected to grow in 2018
New advanced protection technologies will help organizations decrease the attack surface and simplify security operations.
Azure clear text FTP credentials are unchangeable, irremovable, unlockable and unlisted. They can change your any application and are valid for your every service app for your every subnoscription. Forever.
Please, someone, anyone, prove me wrong!
Submitted December 09, 2017 at 12:35AM by grbuffers
via reddit http://ift.tt/2kCPiDv
Please, someone, anyone, prove me wrong!
Submitted December 09, 2017 at 12:35AM by grbuffers
via reddit http://ift.tt/2kCPiDv
reddit
Azure clear text FTP credentials are unchangeable,... • r/security
Please, someone, anyone, prove me wrong!
I need to receive an e-mail from an unknown contact but do not want to share my actual e-mail address. Is there a way to do this?
I am wanting to receive an e-mail with info from someone I met online. Nothing illegal or nefarious, but I would not like to share my exact address. Is there a way to create a ghost or temporary address that will forward my actual address the message once they send it?I may not be asking this correctly.
Submitted December 09, 2017 at 03:11AM by BawceHog
via reddit http://ift.tt/2kcJUTX
I am wanting to receive an e-mail with info from someone I met online. Nothing illegal or nefarious, but I would not like to share my exact address. Is there a way to create a ghost or temporary address that will forward my actual address the message once they send it?I may not be asking this correctly.
Submitted December 09, 2017 at 03:11AM by BawceHog
via reddit http://ift.tt/2kcJUTX
reddit
I need to receive an e-mail from an unknown contact... • r/security
I am wanting to receive an e-mail with info from someone I met online. Nothing illegal or nefarious, but I would not like to share my exact...
4 hidden costs associated with pen testing
http://ift.tt/2AZoW5r
Submitted December 09, 2017 at 03:33AM by ju1i3k
via reddit http://ift.tt/2Bia42F
http://ift.tt/2AZoW5r
Submitted December 09, 2017 at 03:33AM by ju1i3k
via reddit http://ift.tt/2Bia42F
TechBeacon
4 hidden costs of pen testing
Traditional pen testing has hidden costs. Pen Testing as a Service (PTaaS) is one way to get more from your security spend. Here's why.
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out
http://ift.tt/2jpr2Bq
Submitted December 09, 2017 at 06:16AM by xtantin
via reddit http://ift.tt/2AnfsBn
http://ift.tt/2jpr2Bq
Submitted December 09, 2017 at 06:16AM by xtantin
via reddit http://ift.tt/2AnfsBn
9to5Mac
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out
A HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers. Our unders…