Netsec – Telegram
Netsec
7.42K subscribers
22.4K links
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
I'm hiring for a senior application security engineer in the M&A security team at Salesforce!
http://ift.tt/2C4TorF

Submitted December 15, 2017 at 12:53AM by calib0rx
via reddit http://ift.tt/2Cl6ou8
Few security related questions
While planning my app production, a few security concerns were raised:
Assuming you store secrets like 'DB connection string' in some 3rd party secured wallet, how do you inject those into your deployment script? How would you grab a LastPass password into a CloudFormation script?
Assuming some developers have production permissions (devops), wouldn't it be smart not to assign them production rights all the time, rather they should use some elevated/temporary rights? How would you implement that?
Does it make sense to store management systems like 'elasticsearch/kibana logs' in a separate peered VPC that is accessible to devops via VPN or MFA only?

Submitted December 15, 2017 at 02:29AM by yonatannn
via reddit http://ift.tt/2zcc4XF
Protecting code integrity with PGP (Linux Foundation IT guide)
http://ift.tt/2CdcMDA

Submitted December 15, 2017 at 02:33AM by mricon
via reddit http://ift.tt/2ksAK5X
I stumbled on an unprotected AWS account with seemingly sensitive information. What is the proper disclosure and remediation process?
I stumbled on an S3 bucket that appears to be an unexpectedly public bucket for an organization in a sensitive industry (seriously, I was doing a search for a tangentially related product and noticed an unmasked S3 bucket URL in the results. As a developer, I know that's something that's typically not intentional). It doesn't appear to contain any protected data (e.g. FERPA, HIPAA, PCI, etc.) but it does contain sensitive information like personal resumes (with complete details), professional licenses, and similar. I doubt the organization is aware of the issue and I want to ensure I raise the issue properly. I've been involved in internal security issues like this, but never worked with another company to resolve a security issue. What should I do? What information should I provide? What should I do if I get no response? Just to be clear, this is a publicly available S3 bucket with no protection on it.

Submitted December 15, 2017 at 02:45AM by SkyPuncher
via reddit http://ift.tt/2kstVkP
Internet Chemotherapy - BrickerBot
http://ift.tt/2C82t2Y

Submitted December 15, 2017 at 03:27AM by Evil1337
via reddit http://ift.tt/2AGZHVT
Game-changing attack on critical infrastructure site causes outage
http://ift.tt/2jVymoD

Submitted December 15, 2017 at 03:38AM by RandomCollection
via reddit http://ift.tt/2kutdDD
Bug Bounty: Vulnerability On Facebook Support
https://youtu.be/Uz9l14NKKpA

Submitted December 15, 2017 at 02:56AM by batys01
via reddit http://ift.tt/2AHUZrb
The 2017 SANS Holiday Hack Challenge
http://ift.tt/2yuyUGz

Submitted December 15, 2017 at 05:01AM by dr_netsec
via reddit http://ift.tt/2ktM2qw
Plaintext password used for identity verification
Talking to Amaysim support and they asked me for the first 4 characters of my password to verify my identity. I explained that I'm not happy having my password being sent to the server unhashed. Support argued that it wasn't the whole password and my account was secure. What do you guys think? Is this a common industry practice?

Submitted December 15, 2017 at 10:16AM by howzagoin
via reddit http://ift.tt/2jVLOsK
Really need help with Qubes-Whonix.
I have tried searching, I have tried reading the official documentation, but I am just too dumb to understand it. If you are just going to link me to the documentation, just save us both some time and don't. I use AirVPN, and I have no idea how to add the VPN config file into wherever it has to go; I don't know if I need to install my VPN client. I don't know anything. I want to have my VPN before TOR. Please could I have a basic tutorial on how to do it? I've looked all over YT and there isn't anything that I can understand.
Edit: This is the best tutorial I have found, and I just used the AirVPN config file instead, but for some reason it isn't connecting. http://ift.tt/2j3wkSw

Submitted December 15, 2017 at 08:10AM by Invitza
via reddit http://ift.tt/2zdOFFm