Recent Reddit account hacking spree could be a textbook example of internal security threat. Reset link weakness identified. Email hacking/malware can be ruled out (read thread), it seems like an insider job (details in thread).
http://ift.tt/2DFmbUo
Submitted January 01, 2018 at 08:15PM by geekmonk
via reddit http://ift.tt/2CAp0XD
reddit
I've done some tests, this is how reddit accounts might be... • r/btc
So I have been trying different things to compromise my own accounts and these are my conclusions: 1) It is impossible from the reddit username...
Question about 2-factor authentication
Hi guys, Not sure if this can be posted here, please let me know if I should publish it anywhere else. I have one account where I have activated the 2-FA. When I tried to log in it said that the code was incorrect (I added the 2-FA to the android app through the QR code). I also tried to delete it from the app and add it again (I have both the initial QR pic and the text code) but it's still not working. I also tried to sync the time within the app and nothing as well. Any idea what might be going on or how to solve it? Thanks a lot!
Submitted January 01, 2018 at 08:28PM by Heco1331
via reddit http://ift.tt/2lwPSQV
Firefox Send - is it the most secure file sharing app??
https://youtube.com/watch?list=PL4Z_2mButeI4GOjMALx6E-aQS-wFzM5yo&v=N5DuOhY1XN0
Submitted January 01, 2018 at 10:47PM by dre_russ
via reddit http://ift.tt/2Cy8Xt9
YouTube
Firefox Send - A Self Destructive File Sharing 📁
Earlier this year in 2017 Mozilla launched Firefox send which is a self-destructive encrypted file sharing service. you can send any type of file with it and...
No boundaries for user identities: Web trackers exploit browser login managers
http://ift.tt/2lgYsSV
Submitted January 02, 2018 at 12:55AM by bigshmoo
via reddit http://ift.tt/2DHvumE
34c3 talks
http://ift.tt/2l9k30q
Submitted January 02, 2018 at 01:39AM by pheexx
via reddit http://ift.tt/2lC18e1
media.ccc.de
media.ccc.de - 34C3: TUWAT
Video streaming portal of the Chaos Computer Club
A fun video describing some of the many Federation security vulnerabilities in the first Star Wars movie.
https://player.vimeo.com/video/148946917
Submitted January 02, 2018 at 01:44AM by aasreddit
via reddit http://ift.tt/2qg9NZp
The Reddit reset link issue makes Reddit users vulnerable to hacks from Reddit employees. u/spez you must URGENTLY FIX reset link vulnerability so that they work only when clicked in users' email. users are at risk!
http://ift.tt/2lB3KZG
Submitted January 02, 2018 at 02:38AM by geekmonk
via reddit http://ift.tt/2DJrlPk
reddit
The Reddit reset link issue makes Reddit users vulnerable... • r/btc
Reddit reset links do not expire and work even if not clicked by the user in the reset email. Anyone with access to outbound emails in Reddit's...
ropchain: bypassing ASLR+DEP+stack canaries
http://ift.tt/2lz93JR
Submitted January 02, 2018 at 06:22AM by dgryski
via reddit http://ift.tt/2CnevKv
The nasty surprises hackers have in store for us in 2018
http://ift.tt/2DO36iZ
Submitted January 02, 2018 at 11:59AM by aasreddit
via reddit http://ift.tt/2qanU2j
MIT Technology Review
Six Cyber Threats to Really Worry About in 2018
From AI-powered hacking to tampering with voting systems, here are some of the big risks on our radar screen.
The mysterious case of the Linux Page Table Isolation patches
http://ift.tt/2C5VZ53
Submitted January 02, 2018 at 12:01AM by Kerrovitar
via reddit http://ift.tt/2lFFu8D
Ad targeters are pulling data from your browser’s password manager
http://ift.tt/2CeNfNU
Submitted January 02, 2018 at 02:25PM by rhabarba
via reddit http://ift.tt/2A3TQ7Y
The Verge
New research shows an alarming new way to track web users
Question regarding data shared with 2FA
Hope this makes sense. I have two accounts set up with a provider that I need to keep entirely separate, so use different usernames, passwords, IP addresses, payment details etc. However, 2FA is now compulsory, so I need to implement it on the second account. Can I use the same 2FA app (i.e. Google authenticator) for both accounts, or is some data shared with the provider that would show a link, i.e. the mac address, IP address or even the mobile phone number associated? I had considered setting up Authy for the separate account, but that now requests the mobile phone number too, before you can use it... again, leading to me wondering if the same problem applies or shared data?
Submitted January 02, 2018 at 05:51PM by ianmd
via reddit http://ift.tt/2EzTl97
New vulnerability exposed for smartphones
http://ift.tt/2Ch1j9F
Submitted January 02, 2018 at 05:22PM by silverf0x001
via reddit http://ift.tt/2DOuBc4
Digitaljournal
Hackers can easily guess your phone PIN using its sensor data, according to new research into mobile device security vulnerabilities from Nanyang Technological University.
Data Breach Report: December 2017
http://ift.tt/2CaL4XO
Submitted January 02, 2018 at 06:05PM by Uminekoshi
via reddit http://ift.tt/2lJc1dU
Nehemiah Security
Data Breach Report: December 2017 - Nehemiah Security
Below is a compilation of news articles covering some of the notable data breaches that occurred in December 2017. Doesn’t this really put things into perspective? Morrisons found liable for data breach – UPDATED – Dec 1 PayPal Unit TIO Networks Discloses…
Leveraging "French Kiss Attack" to boost your phishing campaign
http://ift.tt/2EABAGM
Submitted January 02, 2018 at 06:11PM by Void_Sec
via reddit http://ift.tt/2C99EIx
VoidSec
Uncommon Phishing and Social Engineering Techniques - VoidSec
Leveraging French Kiss Attack to boost your phishing campaign
Fingerprinting with Zero-Width Characters
http://ift.tt/2Cm640V
Submitted January 02, 2018 at 07:47PM by speckz
via reddit http://ift.tt/2EASdCe
Security In 5: File Progress Episode 143 - How To Secure Your Video Game Consoles - Switch, Xbox One, PS4
http://ift.tt/2lGz0Y5
Submitted January 02, 2018 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2A6fbOh
Libsyn
Security In Five Podcast: File
Progress Episode 143 - How To Secure Your Video Game Consoles - Switch, Xbox One, PS4
Your video game systems are powerful computers running operating systems similar to those driving your desktops. Requiring internet connectivity exposes these machines and your information if not taken care of. This episode goes through each of the…
Attacking Read-Only Domain Controllers (RODCs) to Own Active Directory
http://ift.tt/2Er77ej
Submitted January 01, 2018 at 10:04PM by based2
via reddit http://ift.tt/2CF36lS
Stop Procrastinating and Get Things Done! From Senior Security Analyst/Malware Reverser to WebDev/SecDevOps
http://ift.tt/2A7cRGx
Submitted January 02, 2018 at 09:59PM by marcomcse
via reddit http://ift.tt/2lF2wNU
SecDevOps
Stop Procrastinating and Get Things Done!
From Senior Security Analyst/Malware Reverser to WebDev/SecDevOps
The password requirements for the Social Security Administration website are horrifying. How is this even allowed?
http://ift.tt/2lFYWTQ
Submitted January 02, 2018 at 09:31PM by jklick
via reddit http://ift.tt/2qcBqSN
Multiple vulnerabilities in the online services of (GPS) location tracking devices
http://ift.tt/2CsgagZ
Submitted January 02, 2018 at 10:53PM by cybergibbons
via reddit http://ift.tt/2EDkMiA