Interesting new research: 24% of corporate devices connect to insecure WiFi. What policies do you have at your company to protect this?
http://ift.tt/2iSSd7a
Submitted December 11, 2017 at 07:49PM by pxlprincess
via reddit http://ift.tt/2kXPduw
Wandera
Wi-Fi risks: 5 reasons why you shouldn't trust Wi-Fi
Every Wi-Fi hotspot is a window to your sensitive data, so why do so many people trust it? We've uncovered the biggest Wi-Fi risks.
Hidden keylogger found on HP laptops
http://ift.tt/2jw7L4v
Submitted December 11, 2017 at 07:39PM by DuncanIdahos8thClone
via reddit http://ift.tt/2iTyXGH
BBC News
HP laptops found to have hidden keylogger
A researcher finds more than 460 models have the hidden software pre-installed.
Sallie Mae CISO: 4 Technologies That Will Shape IT ...
http://ift.tt/2j7ncwA
Submitted December 11, 2017 at 09:50PM by SecurityTrust
via reddit http://ift.tt/2BUtlU3
Dark Reading
Sallie Mae CISO: 4 Technologies That Will Shape IT Security
'The world as we know it will vanish,' according to Jerry Archer.
Metasploitable3 CTF (Linux) Write-Up
http://ift.tt/2C1aHL3
Submitted December 11, 2017 at 10:45PM by tmsteen
via reddit http://ift.tt/2kmp58G
The Random Adventure That Is Life (RATIL)
Metasploitable3 CTF
Rapid7 just wrapped up the second of their Metasploitable3 CTFs, this time for the Linux version of the intentionally vulnerable OS that both beginner and advanced hackers can hone their skills on. They only allowed 500 participants/teams worldwide. I had…
Giving away a free lifetime membership at the Hacking Dojo
http://ift.tt/2iN8kDi
Submitted December 11, 2017 at 10:16PM by hackingdojo
via reddit http://ift.tt/2AvHwm4
reddit
Giving away a free lifetime membership at the... • r/netsecstudents
I try and do something around the holidays to give back to the hacker community, and have dropped the ball this time... so decided to just give...
Extended Validation is Broken
https://stripe.ian.sh/
Submitted December 11, 2017 at 11:50PM by iancarroll
via reddit http://ift.tt/2jyq4WN
Using Trusted Sites for Command and Control (c2)
http://ift.tt/2z283VE
Submitted December 12, 2017 at 12:01AM by nopslider
via reddit http://ift.tt/2kZX6PY
Breaking ThunderShell RAT C2
http://ift.tt/2kocxxl
Submitted December 12, 2017 at 12:42AM by errprone
via reddit http://ift.tt/2Abwzlk
Bit Rot
Hunting ThunderShell C2
Introduction ThunderShell is a PowerShell based Remote Access Tool (RAT) that relies on HTTP requests to communicate with the C2. All of the traffic is subsequently encrypted with RC4 in order to …
async_wake exploit by Ian Beer gets tfp0 on all 64-bit iOS devices up to 11.1.2
http://ift.tt/2jORODv
Submitted December 12, 2017 at 12:40AM by 0xdea
via reddit http://ift.tt/2z1X7HN
Exploiting Word: CVE-2017-11826
http://ift.tt/2kWZ3wv
Submitted December 12, 2017 at 01:35AM by overflowingInt
via reddit http://ift.tt/2BUUS7R
Tarlogic Security - Cyber Security and Ethical hacking
Exploiting Word: CVE-2017-11826
Coincidentally with the beginning of an APT simulation engagement in the Red Team, a patch was issued by Microsoft fixing some vulnerabilities (CVE-2017-11826) affecting MS Office. The patch, which fixed a memory corruption bug, was first published on October…
Acquiring a Memory Dump from Fleeting Malware
http://ift.tt/2BjFcui
Submitted December 12, 2017 at 05:14AM by volci
via reddit http://ift.tt/2C3oDUB
digital-forensics.sans.org
SANS Digital Forensics and Incident Response Blog | Acquiring a Memory Dump from Fleeting Malware | SANS Institute
SANS Digital Forensics and Incident Response Blog blog pertaining to Acquiring a Memory Dump from Fleeting Malware
Hackers Alert- A guide to keeping your ATM credentials safe from ATM skimming
http://ift.tt/2AaVeql
Submitted December 12, 2017 at 04:49AM by muneebmughal786
via reddit http://ift.tt/2z23H0R
Tech Chacho
Hackers Alert- A guide to keeping your ATM credentials safe from ATM skimming - Tech Chacho
Do you think your electronic gadgets, your machines or anything you have secured using passwords is actually secured? Well if you think like that then sorry to say but you are living in a fool’s paradise. Nowadays hackers are able to get through any of your…
Don’t trust all SSL / TLS certificates
http://ift.tt/2yfYQFV
Submitted December 12, 2017 at 04:38AM by binaryfigments
via reddit http://ift.tt/2ygGrbP
Binary Figments
Don’t trust all SSL / TLS certificates
Earlier I did a story about CSR checkers from CA’s and their resellers. This was a nice thing to do and an eyeopener for some people. Now, I went for the certificate checkers! I generated my …
Dropbox security is abysmal
I'm making my way through my passwords to update ones that I used off of a repeating pattern and actually make use of my password manager. I got to Dropbox, which I have not used in years. Yeeeaaars. And clicked 'launch' and lo and behold not only did it bring me to the login screen, it brought me to my main dashboard. I just sorta blinked at it like, 'Wha? Where's the login screen? Why am I staring at my files like this is fine?'
Again, I haven't logged in in three years. This is insane.
So then I go to the update password section as intended and to do so you're asked to enter your old password (pretty standard) and then your new password. Once. Not twice to verify, but just once.
What a fucking mess.
I have a couple of photo albums and some songs to share with my family so whatever, but some people rely on Dropbox for a lot more so this is just absurd.
Now, I know that they also offer additional security features like 2 factor, but just as a baseline this is dumb.
Submitted December 12, 2017 at 09:39AM by tetsuo316
via reddit http://ift.tt/2BDA8FC
RFC: Mobile App Security
https://twitter.com/JigarMJoshi/status/940081161757265920
Submitted December 12, 2017 at 12:08PM by 1ECz
via reddit http://ift.tt/2AxPrza
Twitter
Jigar
Mobile apps, along with user permissions, must also declare a fixed set of domains they can make network connections to. Plain text data transport from mobile app must also warn users like browsers, also allow user to disable it too. #security #MobileApps #MobileSecurity
A security company in Île-de-France
https://www.hamiwes.com
Submitted December 12, 2017 at 12:27PM by hamiwes01
via reddit http://ift.tt/2B7sfHf
Hamiwes
Private security company Paris | SSIAP 1 security officer - Île-de-France.
The guarding agency Hamiwes Sécurité Privée, based in Paris (75), specializes in private security, protection, fire safety and SSIAP 1 in the Île-de-France region.
Don’t trust all SSL / TLS certificates
http://ift.tt/2yfYQFV
Submitted December 12, 2017 at 03:43PM by hacktvist
via reddit http://ift.tt/2BauOIO
Binary Figments
Don’t trust all SSL / TLS certificates
Earlier I did a story about CSR checkers from CA’s and their resellers. This was a nice thing to do and an eyeopener for some people. Now, I went for the certificate checkers! I generated my …
The 2018 Guide to Building Secure PHP Software
http://ift.tt/2AecvyO
Submitted December 12, 2017 at 05:56PM by sarciszewski
via reddit http://ift.tt/2kqTuCD
Paragonie
The 2018 Guide to Building Secure PHP Software - Paragon Initiative Enterprises Blog
Everything a developer needs to know to build secure software in the PHP programming language in the year 2018
Can a hacker log in bypassing 2FA?
Hello, If a hacker has an access to your login and password + email details, but he has no access to 2fa, can he log in your account?
Submitted December 12, 2017 at 06:48PM by esdohadoce
via reddit http://ift.tt/2kpGVYs
Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete with a collection of endpoint security tooling and logging best practices.
http://ift.tt/2z3sEsV
Submitted December 12, 2017 at 06:32PM by speckz
via reddit http://ift.tt/2AwdkHB
Medium
Introducing: Detection Lab
Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete…
Security In 5: Episode 130 - OWASP Top 10 - A9 - Using Components With Known Vulnerabilities
http://ift.tt/2jB5yVI
Submitted December 12, 2017 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2Bcefwp
Libsyn
Security In Five Podcast: Episode 130 - OWASP Top 10 - A9 - Using Components With Known Vulnerabilities
The OWASP Top 10 list is almost done. Number 9 talks about using components with known vulnerabilities. If you think this doesn't happen, look at Equifax. When vulnerabilities are published for a component, hackers start to work on attacks for it. If you…