A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?
http://ift.tt/2iqdHIn
Submitted December 08, 2017 at 10:45PM by EvanConover
via reddit http://ift.tt/2AFS66L
http://ift.tt/2iqdHIn
Submitted December 08, 2017 at 10:45PM by EvanConover
via reddit http://ift.tt/2AFS66L
Phishlabs
A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?
As more websites obtain SSL certificates, the number of potential HTTPS websites available for compromise increases.
Is the password Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa is as secure as HonestAbePassedOutFourScoreAndSevenBeersAgo? (same entropy)
x-post from my own comment on this threadAfter posting that I'm suddenly unsure of myself. I've always wondered if the number 1 was less secure than a 9, since the brute force guesses would presumably start at 1.
Submitted December 09, 2017 at 12:08AM by daweinah
via reddit http://ift.tt/2kcFH2y
x-post from my own comment on this threadAfter posting that I'm suddenly unsure of myself. I've always wondered if the number 1 was less secure than a 9, since the brute force guesses would presumably start at 1.
Submitted December 09, 2017 at 12:08AM by daweinah
via reddit http://ift.tt/2kcFH2y
reddit
Made a QR Code coaster for when I have guest and... • r/3Dprinting
reddit: the front page of the internet
Data exfiltration with Metasploit. Meterpreter DNS tunnel project pre-released
http://ift.tt/2BjMAdx
Submitted December 07, 2017 at 05:20AM by agrrrdog
via reddit http://ift.tt/2kC9iWZ
http://ift.tt/2BjMAdx
Submitted December 07, 2017 at 05:20AM by agrrrdog
via reddit http://ift.tt/2kC9iWZ
asintsov.blogspot.co.uk
Data exfiltration with Metasploit: meterpreter DNS tunnel
Meterpreter is a well-known Metasploit [1] remote agent for pentester's needs. This multi-staged payload is a good, flexible and easy-...
Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing
http://ift.tt/2kHJLMh
Submitted December 08, 2017 at 11:48PM by cwardnet
via reddit http://ift.tt/2AFYj2z
http://ift.tt/2kHJLMh
Submitted December 08, 2017 at 11:48PM by cwardnet
via reddit http://ift.tt/2AFYj2z
3 advanced prevention technologies expected to grow in 2018
http://ift.tt/2iEbOaO
Submitted December 09, 2017 at 01:02AM by SecurityTrust
via reddit http://ift.tt/2iIy4k2
http://ift.tt/2iEbOaO
Submitted December 09, 2017 at 01:02AM by SecurityTrust
via reddit http://ift.tt/2iIy4k2
CSO Online
3 advanced prevention technologies expected to grow in 2018
New advanced protection technologies will help organizations decrease the attack surface and simplify security operations.
Azure clear text FTP credentials are unchangeable, irremovable, unlockable and unlisted. They can change your any application and are valid for your every service app for your every subnoscription. Forever.
Please, someone, anyone, prove me wrong!
Submitted December 09, 2017 at 12:35AM by grbuffers
via reddit http://ift.tt/2kCPiDv
Please, someone, anyone, prove me wrong!
Submitted December 09, 2017 at 12:35AM by grbuffers
via reddit http://ift.tt/2kCPiDv
reddit
Azure clear text FTP credentials are unchangeable,... • r/security
Please, someone, anyone, prove me wrong!
I need to receive an e-mail from an unknown contact but do not want to share my actual e-mail address. Is there a way to do this?
I am wanting to receive an e-mail with info from someone I met online. Nothing illegal or nefarious, but I would not like to share my exact address. Is there a way to create a ghost or temporary address that will forward my actual address the message once they send it?I may not be asking this correctly.
Submitted December 09, 2017 at 03:11AM by BawceHog
via reddit http://ift.tt/2kcJUTX
I am wanting to receive an e-mail with info from someone I met online. Nothing illegal or nefarious, but I would not like to share my exact address. Is there a way to create a ghost or temporary address that will forward my actual address the message once they send it?I may not be asking this correctly.
Submitted December 09, 2017 at 03:11AM by BawceHog
via reddit http://ift.tt/2kcJUTX
reddit
I need to receive an e-mail from an unknown contact... • r/security
I am wanting to receive an e-mail with info from someone I met online. Nothing illegal or nefarious, but I would not like to share my exact...
4 hidden costs associated with pen testing
http://ift.tt/2AZoW5r
Submitted December 09, 2017 at 03:33AM by ju1i3k
via reddit http://ift.tt/2Bia42F
http://ift.tt/2AZoW5r
Submitted December 09, 2017 at 03:33AM by ju1i3k
via reddit http://ift.tt/2Bia42F
TechBeacon
4 hidden costs of pen testing
Traditional pen testing has hidden costs. Pen Testing as a Service (PTaaS) is one way to get more from your security spend. Here's why.
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out
http://ift.tt/2jpr2Bq
Submitted December 09, 2017 at 06:16AM by xtantin
via reddit http://ift.tt/2AnfsBn
http://ift.tt/2jpr2Bq
Submitted December 09, 2017 at 06:16AM by xtantin
via reddit http://ift.tt/2AnfsBn
9to5Mac
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out
A HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers. Our unders…
1.4 Billion Clear Text Credentials Discovered in a Single Database
http://ift.tt/2iFLwoH
Submitted December 09, 2017 at 08:57AM by rdewalt
via reddit http://ift.tt/2AGutva
http://ift.tt/2iFLwoH
Submitted December 09, 2017 at 08:57AM by rdewalt
via reddit http://ift.tt/2AGutva
Medium
1.4 Billion Clear Text Credentials Discovered in a Single Database
A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials.
HP keylogger
http://ift.tt/2iITgGL
Submitted December 09, 2017 at 02:20PM by coragr
via reddit http://ift.tt/2kFxWGd
http://ift.tt/2iITgGL
Submitted December 09, 2017 at 02:20PM by coragr
via reddit http://ift.tt/2kFxWGd
zwclose.github.io
HP keylogger
TL;DR:
HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).
Get the list of affected hardware and patch here: https:…
HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).
Get the list of affected hardware and patch here: https:…
Lost in Transaction: Process Doppelgänging (Complete Slide Deck)
http://ift.tt/2BTmNWm
Submitted December 08, 2017 at 06:10AM by tal_liberman
via reddit http://ift.tt/2ySOtva
http://ift.tt/2BTmNWm
Submitted December 08, 2017 at 06:10AM by tal_liberman
via reddit http://ift.tt/2ySOtva
New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit
http://ift.tt/2AA76VX
Submitted December 08, 2017 at 01:03AM by EvanConover
via reddit http://ift.tt/2nGDm4I
http://ift.tt/2AA76VX
Submitted December 08, 2017 at 01:03AM by EvanConover
via reddit http://ift.tt/2nGDm4I
FireEye
New Targeted Attack in the Middle East by APT34, a Suspected Iranian
Threat Group, Using CVE-2017-11882 Exploit « New Targeted…
Threat Group, Using CVE-2017-11882 Exploit « New Targeted…
FireEye has observed APT34 using an exploit for a recently patched Microsoft Office vulnerability to target a government organization in the Middle East.
Malpedia: a free collaborative platform for sharing malware samples
http://ift.tt/2BfekzL
Submitted December 09, 2017 at 07:20PM by 0xdea
via reddit http://ift.tt/2B1qiN5
http://ift.tt/2BfekzL
Submitted December 09, 2017 at 07:20PM by 0xdea
via reddit http://ift.tt/2B1qiN5
malpedia.caad.fkie.fraunhofer.de
Malpedia - Fraunhofer FKIE
A curated, high-quality malware corpus.
x86-64 Windows Jurassic Park Payload
http://ift.tt/2kf8Da0
Submitted December 09, 2017 at 07:43PM by zznop_
via reddit http://ift.tt/2C1pHbF
http://ift.tt/2kf8Da0
Submitted December 09, 2017 at 07:43PM by zznop_
via reddit http://ift.tt/2C1pHbF
GitHub
zznop/pop-nedry
pop-nedry - x86-64 Windows shellcode that recreates the Jurassic Park hacking scene (Ah, ah, ah... you didn't' say the magic word!)
Major OS upgrades with security fixes.
It is annoying that some companies (e.g., Apple's iOS) require major OS upgrades to get the security fixes. At the same time, you get new issues. I am curious about you guys, do you always get the newest OS upgrades to get their security fixes?Thank you in advance. :)
Submitted December 09, 2017 at 11:30PM by antdude
via reddit http://ift.tt/2yajQ0t
It is annoying that some companies (e.g., Apple's iOS) require major OS upgrades to get the security fixes. At the same time, you get new issues. I am curious about you guys, do you always get the newest OS upgrades to get their security fixes?Thank you in advance. :)
Submitted December 09, 2017 at 11:30PM by antdude
via reddit http://ift.tt/2yajQ0t
reddit
Major OS upgrades with security fixes. • r/security
It is annoying that some companies (e.g., Apple's iOS) require major OS upgrades to get the security fixes. At the same time, you get new issues....
UK Warns Government Agencies not to use Kaspersky Software
http://ift.tt/2ACWxly
Submitted December 10, 2017 at 01:37AM by cmstrump
via reddit http://ift.tt/2ARxevN
http://ift.tt/2ACWxly
Submitted December 10, 2017 at 01:37AM by cmstrump
via reddit http://ift.tt/2ARxevN
VOA
UK Warns Government Agencies not to use Kaspersky Software
Ciaran Martin, head of the National Cyber Security Centre, said 'Russia is acting against the U.K.'s national interest in cyberspace'
Top-selling handgun safe can be remotely opened in seconds - no PIN needed
http://ift.tt/2BZo1zt
Submitted December 10, 2017 at 08:20AM by NISMO1968
via reddit http://ift.tt/2ARFJa3
http://ift.tt/2BZo1zt
Submitted December 10, 2017 at 08:20AM by NISMO1968
via reddit http://ift.tt/2ARFJa3
Ars Technica
Top-selling handgun safe can be remotely opened in seconds—no PIN needed
Not clear if issue with highly-rated safe can be patched.
Intel Management Engine Critical Firmware Update (Intel-SA-00086)
http://ift.tt/2zTW51K
Submitted December 10, 2017 at 07:09PM by QuirkySpiceBush
via reddit http://ift.tt/2AS0mmw
http://ift.tt/2zTW51K
Submitted December 10, 2017 at 07:09PM by QuirkySpiceBush
via reddit http://ift.tt/2AS0mmw
Intel
Intel® Management Engine Critical Firmware Update (Intel-SA-00086)
Security Advisory (Intel-SA-00086), a critical firmware vulnerability in systems.
HP keylogger
http://ift.tt/2iITgGL
Submitted December 10, 2017 at 08:16PM by speckz
via reddit http://ift.tt/2jlGqSL
http://ift.tt/2iITgGL
Submitted December 10, 2017 at 08:16PM by speckz
via reddit http://ift.tt/2jlGqSL
zwclose.github.io
HP keylogger
TL;DR:
HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).
Get the list of affected hardware and patch here: https:…
HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).
Get the list of affected hardware and patch here: https:…
1.4 Billion Clear Text Credentials Discovered in a Single Database
http://ift.tt/2iFLwoH
Submitted December 10, 2017 at 08:01PM by speckz
via reddit http://ift.tt/2keMokC
http://ift.tt/2iFLwoH
Submitted December 10, 2017 at 08:01PM by speckz
via reddit http://ift.tt/2keMokC
Medium
1.4 Billion Clear Text Credentials Discovered in a Single Database
A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials.