I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important
http://ift.tt/2BhZ0C1
Submitted December 14, 2017 at 05:59AM by volci
via reddit http://ift.tt/2nZqsyZ
http://ift.tt/2BhZ0C1
Submitted December 14, 2017 at 05:59AM by volci
via reddit http://ift.tt/2nZqsyZ
Troy Hunt
I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important
Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine..." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel
[Discord Server] Information Security Chat
http://ift.tt/2j2NeAU
Submitted December 14, 2017 at 10:42AM by PoliFish
via reddit http://ift.tt/2kqJSrv
http://ift.tt/2j2NeAU
Submitted December 14, 2017 at 10:42AM by PoliFish
via reddit http://ift.tt/2kqJSrv
Discord
Discord - Free voice and text chat for gamers
Step up your game with a modern voice & text chat app. Crystal clear voice, multiple server and channel support, mobile apps, and more. Get your free server now!
Hardening Windows with AppLocker - Mitigate msbuild.exe
http://ift.tt/2kuwQcq
Submitted December 14, 2017 at 12:43PM by oddvarmoe
via reddit http://ift.tt/2Bj27Kb
http://ift.tt/2kuwQcq
Submitted December 14, 2017 at 12:43PM by oddvarmoe
via reddit http://ift.tt/2Bj27Kb
Oddvar Moe's Blog
Harden Windows with AppLocker – based on Case study part 1
This blogpost is actually a tribute to Matt Graeber’s request from twitter. Since I have learned so much stuff from that guy, I take these sort of request really seriously. In my post …
DNS Performance Compared: Google, Quad9, OpenDNS, Norton, CleanBrowsing, and Yandex
http://ift.tt/2BY2J4t?
Submitted December 14, 2017 at 11:24AM by rmddos
via reddit http://ift.tt/2zaoq2x
http://ift.tt/2BY2J4t?
Submitted December 14, 2017 at 11:24AM by rmddos
via reddit http://ift.tt/2zaoq2x
Medium
DNS Performance Comparison: Google, Quad9, OpenDNS, Norton, CleanBrowsing, and Yandex
Since my ISP thought was a good idea to modify their resolver responses to push me to their own "search engine", I realized the importance…
InfoSec Week 49, 2017
http://ift.tt/2AXVfPH
Submitted December 14, 2017 at 01:17PM by undercomm
via reddit http://ift.tt/2AHspWL
http://ift.tt/2AXVfPH
Submitted December 14, 2017 at 01:17PM by undercomm
via reddit http://ift.tt/2AHspWL
Malgregator
InfoSec Week 49, 2017
The
"2017 EU Security Awareness Summit - After Action Report"
http://ift.tt/2o5M1hy
Submitted December 14, 2017 at 06:06PM by volci
via reddit http://ift.tt/2CjeBiy
http://ift.tt/2o5M1hy
Submitted December 14, 2017 at 06:06PM by volci
via reddit http://ift.tt/2CjeBiy
securingthehuman.sans.org
Security Awareness Blog | 2017 EU Security Awareness Summit - After Action Report
Security Awareness Blog blog pertaining to 2017 EU Security Awareness Summit - After Action Report
How a Dorm Room Minecraft Scam Brought Down the Internet
http://ift.tt/2Aj5yg4
Submitted December 14, 2017 at 04:51PM by whitehattracker
via reddit http://ift.tt/2zbaF3R
http://ift.tt/2Aj5yg4
Submitted December 14, 2017 at 04:51PM by whitehattracker
via reddit http://ift.tt/2zbaF3R
WIRED
How a Dorm Room Minecraft Scam Brought Down the Internet
The DDoS attack that crippled the internet last fall wasn't the work of a nation-state. It was three college kids working a Minecraft hustle.
How to Secure Your Data from Ransomware and Other Threats
https://jelvix.com
Submitted December 14, 2017 at 03:54PM by Jelvix
via reddit http://ift.tt/2kt2IhZ
https://jelvix.com
Submitted December 14, 2017 at 03:54PM by Jelvix
via reddit http://ift.tt/2kt2IhZ
Jelvix
Enterprise Software Development Company - Jelvix
Jelvix is a global technology company providing custom software development services to leading businesses in a variety of industries and domains.
Yara sweeper for incident response
http://ift.tt/2o5BYsy
Submitted December 14, 2017 at 06:29PM by _spartak
via reddit http://ift.tt/2jT6ZLN
http://ift.tt/2o5BYsy
Submitted December 14, 2017 at 06:29PM by _spartak
via reddit http://ift.tt/2jT6ZLN
GitLab
nowayout / yara_sweeper
Yara Sweeper for Incident Response
Remote Root in DirecTV's Wireless Video Bridge: A Tale of Rage and Despair
http://ift.tt/2C25qC5
Submitted December 14, 2017 at 07:00PM by ase1590
via reddit http://ift.tt/2ks7DQc
http://ift.tt/2C25qC5
Submitted December 14, 2017 at 07:00PM by ase1590
via reddit http://ift.tt/2ks7DQc
Zero Day Initiative
Remote Root in DirecTV's Wireless Video Bridge: A Tale of Rage and Despair
In this guest blog, Trend Micro DVLabs researcher Ricky Lawshae discusses the recently disclosed CVE-2017-17411. He discovered and reported this bug through the ZDI program. Earlier this year, I learned that AT&T was starting to move customers away from its…
Security Planner - Improve your online safety with advice from experts
http://ift.tt/2B8nJc5
Submitted December 14, 2017 at 06:49PM by emptymatrix
via reddit http://ift.tt/2kswH9F
http://ift.tt/2B8nJc5
Submitted December 14, 2017 at 06:49PM by emptymatrix
via reddit http://ift.tt/2kswH9F
Security Planner
Security Planner - Improve your online safety with tools for your needs.
Answer a few simple questions to get personalized recommendations of free and open-source software. It's confidential -- no personal information is stored, and we won't access any of your online accounts.
Security In 5: Episode 132 - Top 10 Security Tips For Your Network - 7 - Protect Your Network Access
http://ift.tt/2AYlLZ5
Submitted December 14, 2017 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2C8bQ2x
http://ift.tt/2AYlLZ5
Submitted December 14, 2017 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2C8bQ2x
Libsyn
Security In Five Podcast: Episode 132 - Top 10 Security Tips For Your Network - 7 - Protect Your Network Access
Number 7 in my Top 10 Security Tips for Your Network talks about protecting the external access into your network. Whether through applications, FTP, VPN, etc... your customers and employees at some point need to get to internal resources from outside the…
Introducing: Detection Lab – Chris Long – Medium
http://ift.tt/2z3sEsV
Submitted December 14, 2017 at 04:30PM by E5sN80fqC7qO
via reddit http://ift.tt/2jVe8eC
http://ift.tt/2z3sEsV
Submitted December 14, 2017 at 04:30PM by E5sN80fqC7qO
via reddit http://ift.tt/2jVe8eC
Medium
Introducing: Detection Lab
Detection Lab is a collection of Packer and Vagrant noscripts that allow you to quickly bring a Windows Active Directory online, complete…
Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
http://ift.tt/2C3Xlgf
Submitted December 14, 2017 at 10:03PM by Extremite
via reddit http://ift.tt/2kufZGP
http://ift.tt/2C3Xlgf
Submitted December 14, 2017 at 10:03PM by Extremite
via reddit http://ift.tt/2kufZGP
FireEye
Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational
Disruption to Critical Infrastructure « Attackers Deploy…
Disruption to Critical Infrastructure « Attackers Deploy…
Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems.
Reflected Cross-Site noscripting via HTTP headers in Safari browser
http://ift.tt/2BoFfJi
Submitted December 15, 2017 at 12:17AM by i_bo0om
via reddit http://ift.tt/2AIeBvl
http://ift.tt/2BoFfJi
Submitted December 15, 2017 at 12:17AM by i_bo0om
via reddit http://ift.tt/2AIeBvl
Wallarm
The Good, The Bad and The Ugly of Safari in Client-Side Attacks
I’ve previously published an article about using Safari to compromise a computer file system.
How to Deploy a BeyondCorp-Style Web App
http://ift.tt/2zcyHvk
Submitted December 15, 2017 at 12:39AM by heitortsergent
via reddit http://ift.tt/2AHA47J
http://ift.tt/2zcyHvk
Submitted December 15, 2017 at 12:39AM by heitortsergent
via reddit http://ift.tt/2AHA47J
ScaleFT
ScaleFT - How To Deploy A BeyondCorp-Style Web App Behind The ScaleFT Access Fabric
With ScaleFT Web Access, internal company applications are protected by an Access Fabric, a globally distributed real-time authorization CDN capable of making intelligent trust decisions at the edge.
I'm hiring for a senior application security engineer in the M&A security team at Salesforce!
http://ift.tt/2C4TorF
Submitted December 15, 2017 at 12:53AM by calib0rx
via reddit http://ift.tt/2Cl6ou8
http://ift.tt/2C4TorF
Submitted December 15, 2017 at 12:53AM by calib0rx
via reddit http://ift.tt/2Cl6ou8
Few security related questions
While planning my app production, few security concerns were raised:Assuming you store secrets like 'DB connection string' in some 3rd party secured wallet, how do you inject those into your deployment noscript? how would you grab LastPass password into CloudFormation noscript?Assuming some developers have production permissions (devops), wouldn't it be smart not to assign to them production rights all the time rather they should use some elevated/temporary rights? how would you implement that?Does it make sense to store management systems like 'elasticsearch/kibana logs' in a separate peered VPC that is accessed to devops via VPN or MFA only?
Submitted December 15, 2017 at 02:29AM by yonatannn
via reddit http://ift.tt/2zcc4XF
While planning my app production, few security concerns were raised:Assuming you store secrets like 'DB connection string' in some 3rd party secured wallet, how do you inject those into your deployment noscript? how would you grab LastPass password into CloudFormation noscript?Assuming some developers have production permissions (devops), wouldn't it be smart not to assign to them production rights all the time rather they should use some elevated/temporary rights? how would you implement that?Does it make sense to store management systems like 'elasticsearch/kibana logs' in a separate peered VPC that is accessed to devops via VPN or MFA only?
Submitted December 15, 2017 at 02:29AM by yonatannn
via reddit http://ift.tt/2zcc4XF
reddit
Few security related questions • r/security
While planning my app production, few security concerns were raised: 1. Assuming you store secrets like 'DB connection string' in some 3rd party...
Protecting code integrity with PGP (Linux Foundation IT guide)
http://ift.tt/2CdcMDA
Submitted December 15, 2017 at 02:33AM by mricon
via reddit http://ift.tt/2ksAK5X
http://ift.tt/2CdcMDA
Submitted December 15, 2017 at 02:33AM by mricon
via reddit http://ift.tt/2ksAK5X
GitHub
lfit/itpol
itpol - Useful IT policies
I stumbled on an unprotected AWS account with seemingly sensitive information. What is the proper disclosure and remediation process?
I stumbled on an S3 bucket that appears to be unexpectedly public bucket for an organization in a sensitive industry (seriously, I was doing a search for a tangentially related product and noticed an unmasked S3 bucket url in the results. As a developer, I know that's something that's typically not intentional).It doesn't appear to contain any protected data (e.g. FERPA, HIPPA, PCI, etc) but it does contain sensitive information like personal resumes (with complete details), professional licenses, and similar. I doubt the organization is aware of the issue and I want to ensure I raise the issue properly.I've been involved in internal security issues like this, but never worked with another company to resolve a security issue.What should I do? What information should I provide? What should I do if I get no response?Just to be clear, this is a publicly available S3 bucket with no protection on it.
Submitted December 15, 2017 at 02:45AM by SkyPuncher
via reddit http://ift.tt/2kstVkP
I stumbled on an S3 bucket that appears to be unexpectedly public bucket for an organization in a sensitive industry (seriously, I was doing a search for a tangentially related product and noticed an unmasked S3 bucket url in the results. As a developer, I know that's something that's typically not intentional).It doesn't appear to contain any protected data (e.g. FERPA, HIPPA, PCI, etc) but it does contain sensitive information like personal resumes (with complete details), professional licenses, and similar. I doubt the organization is aware of the issue and I want to ensure I raise the issue properly.I've been involved in internal security issues like this, but never worked with another company to resolve a security issue.What should I do? What information should I provide? What should I do if I get no response?Just to be clear, this is a publicly available S3 bucket with no protection on it.
Submitted December 15, 2017 at 02:45AM by SkyPuncher
via reddit http://ift.tt/2kstVkP
reddit
I stumbled on an unprotected AWS account with... • r/security
I stumbled on an S3 bucket that appears to be unexpectedly public bucket for an organization in a sensitive industry (seriously, I was doing a...
Internet Chemotherapy - BrickerBot
http://ift.tt/2C82t2Y
Submitted December 15, 2017 at 03:27AM by Evil1337
via reddit http://ift.tt/2AGZHVT
http://ift.tt/2C82t2Y
Submitted December 15, 2017 at 03:27AM by Evil1337
via reddit http://ift.tt/2AGZHVT
reddit
Internet Chemotherapy - BrickerBot • r/netsec
1 points and 0 comments so far on reddit