Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing
http://ift.tt/2kHJLMh
Submitted December 08, 2017 at 11:48PM by cwardnet
via reddit http://ift.tt/2AFYj2z
3 advanced prevention technologies expected to grow in 2018
http://ift.tt/2iEbOaO
Submitted December 09, 2017 at 01:02AM by SecurityTrust
via reddit http://ift.tt/2iIy4k2
CSO Online
3 advanced prevention technologies expected to grow in 2018
New advanced protection technologies will help organizations decrease the attack surface and simplify security operations.
Azure clear text FTP credentials are unchangeable, irremovable, unlockable and unlisted. They can change your any application and are valid for your every service app for your every subscription. Forever.
Please, someone, anyone, prove me wrong!
Submitted December 09, 2017 at 12:35AM by grbuffers
via reddit http://ift.tt/2kCPiDv
I need to receive an e-mail from an unknown contact but do not want to share my actual e-mail address. Is there a way to do this?
I am wanting to receive an e-mail with info from someone I met online. Nothing illegal or nefarious, but I would not like to share my exact address. Is there a way to create a ghost or temporary address that will forward my actual address the message once they send it? I may not be asking this correctly.
Submitted December 09, 2017 at 03:11AM by BawceHog
via reddit http://ift.tt/2kcJUTX
4 hidden costs associated with pen testing
http://ift.tt/2AZoW5r
Submitted December 09, 2017 at 03:33AM by ju1i3k
via reddit http://ift.tt/2Bia42F
TechBeacon
4 hidden costs of pen testing
Traditional pen testing has hidden costs. Pen Testing as a Service (PTaaS) is one way to get more from your security spend. Here's why.
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out
http://ift.tt/2jpr2Bq
Submitted December 09, 2017 at 06:16AM by xtantin
via reddit http://ift.tt/2AnfsBn
9to5Mac
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out
A HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers. Our unders…
1.4 Billion Clear Text Credentials Discovered in a Single Database
http://ift.tt/2iFLwoH
Submitted December 09, 2017 at 08:57AM by rdewalt
via reddit http://ift.tt/2AGutva
Medium
1.4 Billion Clear Text Credentials Discovered in a Single Database
A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials.
HP keylogger
http://ift.tt/2iITgGL
Submitted December 09, 2017 at 02:20PM by coragr
via reddit http://ift.tt/2kFxWGd
zwclose.github.io
HP keylogger
TL;DR:
HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).
Get the list of affected hardware and patch here: https:…
Lost in Transaction: Process Doppelgänging (Complete Slide Deck)
http://ift.tt/2BTmNWm
Submitted December 08, 2017 at 06:10AM by tal_liberman
via reddit http://ift.tt/2ySOtva
New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit
http://ift.tt/2AA76VX
Submitted December 08, 2017 at 01:03AM by EvanConover
via reddit http://ift.tt/2nGDm4I
FireEye
New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit « New Targeted…
FireEye has observed APT34 using an exploit for a recently patched Microsoft Office vulnerability to target a government organization in the Middle East.
Malpedia: a free collaborative platform for sharing malware samples
http://ift.tt/2BfekzL
Submitted December 09, 2017 at 07:20PM by 0xdea
via reddit http://ift.tt/2B1qiN5
malpedia.caad.fkie.fraunhofer.de
Malpedia - Fraunhofer FKIE
A curated, high-quality malware corpus.
x86-64 Windows Jurassic Park Payload
http://ift.tt/2kf8Da0
Submitted December 09, 2017 at 07:43PM by zznop_
via reddit http://ift.tt/2C1pHbF
GitHub
zznop/pop-nedry
pop-nedry - x86-64 Windows shellcode that recreates the Jurassic Park hacking scene (Ah, ah, ah... you didn't say the magic word!)
Major OS upgrades with security fixes.
It is annoying that some companies (e.g., Apple's iOS) require major OS upgrades to get the security fixes. At the same time, you get new issues. I am curious about you guys, do you always get the newest OS upgrades to get their security fixes? Thank you in advance. :)
Submitted December 09, 2017 at 11:30PM by antdude
via reddit http://ift.tt/2yajQ0t
UK Warns Government Agencies not to use Kaspersky Software
http://ift.tt/2ACWxly
Submitted December 10, 2017 at 01:37AM by cmstrump
via reddit http://ift.tt/2ARxevN
VOA
UK Warns Government Agencies not to use Kaspersky Software
Ciaran Martin, head of the National Cyber Security Centre, said 'Russia is acting against the U.K.'s national interest in cyberspace'
Top-selling handgun safe can be remotely opened in seconds - no PIN needed
http://ift.tt/2BZo1zt
Submitted December 10, 2017 at 08:20AM by NISMO1968
via reddit http://ift.tt/2ARFJa3
Ars Technica
Top-selling handgun safe can be remotely opened in seconds—no PIN needed
Not clear if issue with highly-rated safe can be patched.
Intel Management Engine Critical Firmware Update (Intel-SA-00086)
http://ift.tt/2zTW51K
Submitted December 10, 2017 at 07:09PM by QuirkySpiceBush
via reddit http://ift.tt/2AS0mmw
Intel
Intel® Management Engine Critical Firmware Update (Intel-SA-00086)
Security Advisory (Intel-SA-00086), a critical firmware vulnerability in systems.
HP keylogger
http://ift.tt/2iITgGL
Submitted December 10, 2017 at 08:16PM by speckz
via reddit http://ift.tt/2jlGqSL
zwclose.github.io
HP keylogger
TL;DR:
HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).
Get the list of affected hardware and patch here: https:…
1.4 Billion Clear Text Credentials Discovered in a Single Database
http://ift.tt/2iFLwoH
Submitted December 10, 2017 at 08:01PM by speckz
via reddit http://ift.tt/2keMokC
Medium
1.4 Billion Clear Text Credentials Discovered in a Single Database
A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials.
You can actually put an invalid password and still log into Facebook.
My friend accidentally put a typo into his Facebook password. I've tried it as well and you CAN log into your account. If you add an extra sign to your password, it will still let you log in. Example: my password is "Password". I try logging in using the password "Password1" – it allows you.
Submitted December 10, 2017 at 08:35PM by Miscyfion
via reddit http://ift.tt/2BsUYr1
Anyone can steal all of chrome saved passwords, form fields, bookmarks, history
http://ift.tt/2BrjAjI
Submitted December 10, 2017 at 08:41PM by micgob
via reddit http://ift.tt/2yWgGBp
Medium
Anyone can steal all of chrome saved passwords, form fields, bookmarks, history
You can try it with your friends at work or with anyone that gives you access to a computer… it’s really funny but dangerous. I reported…
PowerShell script to dump generic Windows credentials from the Credential Manager without admin
http://ift.tt/2B87hIO
Submitted December 10, 2017 at 08:50PM by peewpw
via reddit http://ift.tt/2kjTWTo
GitHub
peewpw/Invoke-WCMDump
Invoke-WCMDump - PowerShell Script to Dump Windows Credentials from the Credential Manager