Meltdown/Spectre performance hit
Anyone has a source or real life example how "bad" is the adversed performance loss after applying patches?Thx
Submitted January 07, 2018 at 01:53AM by steinbergmason
via reddit http://ift.tt/2D3sDWb
Anyone has a source or real life example how "bad" is the adversed performance loss after applying patches?Thx
Submitted January 07, 2018 at 01:53AM by steinbergmason
via reddit http://ift.tt/2D3sDWb
reddit
Meltdown/Spectre performance hit • r/security
Anyone has a source or real life example how "bad" is the adversed performance loss after applying patches? Thx
Aadhaar data breach? India's national ID database with details of 1.2 billion citizens 'leaked'
http://ift.tt/2CZ6x76
Submitted January 07, 2018 at 02:48AM by chull2058
via reddit http://ift.tt/2CLxbCJ
http://ift.tt/2CZ6x76
Submitted January 07, 2018 at 02:48AM by chull2058
via reddit http://ift.tt/2CLxbCJ
International Business Times UK
Aadhaar data breach? India's national ID database with details of 1.2 billion citizens 'leaked'
Currently the world's largest biometric database in the world, Aadhaar contains the personal and biometric information of over 1 billion Indian citizens.
Official BlackBerry Mobile Website hacked to mine Monero via Coinhive
http://ift.tt/2m08p7P
Submitted January 07, 2018 at 02:33AM by chull2058
via reddit http://ift.tt/2lZ8l8a
http://ift.tt/2m08p7P
Submitted January 07, 2018 at 02:33AM by chull2058
via reddit http://ift.tt/2lZ8l8a
HackRead
Official BlackBerry Mobile Website hacked to mine Monero via Coinhive
A Coinhive user hacked BlackBerry Mobile website to mine Monero coins before the scam was identified and details of which were published on Reddit.
Windows users to remain vulnerable to Meltdown & Spectre until January 9th; direct patch download links to manually update before then
http://ift.tt/2Czk6cs
Submitted January 07, 2018 at 04:33AM by mqudsi
via reddit http://ift.tt/2CxRUGR
http://ift.tt/2Czk6cs
Submitted January 07, 2018 at 04:33AM by mqudsi
via reddit http://ift.tt/2CxRUGR
The NeoSmart Files
Windows users to remain vulnerable to Meltdown/Spectre until at least January 9, 2018
In the days following the disclosure of CPU cache attacks Meltdown and Spectre, hardware, kernel, and software developers have rushed to provide security updates for their respective devices and pl…
Read privileged ARM system registers from usermode - PoC implementation of Meltdown variant 3a
http://ift.tt/2AABTy0
Submitted January 07, 2018 at 05:07AM by lgeek
via reddit http://ift.tt/2qzjNwJ
http://ift.tt/2AABTy0
Submitted January 07, 2018 at 05:07AM by lgeek
via reddit http://ift.tt/2qzjNwJ
GitHub
lgeek/spec_poc_arm
spec_poc_arm - Dump privileged ARM system registers from usermode using variant 3a of Meltdown
[eBook] Cybersecurity for Dummies
http://ift.tt/2F48boO
Submitted January 07, 2018 at 08:03AM by DiceIT
via reddit http://ift.tt/2EglcKI
http://ift.tt/2F48boO
Submitted January 07, 2018 at 08:03AM by DiceIT
via reddit http://ift.tt/2EglcKI
YourDailyTech
[eBook] Cybersecurity for Dummies | YourDailyTech
Cybersecurity For Dummies, Thycotic Special Edition, helps you understand and recognize the most common cybersecurity threats people face daily in their personal and work lives. With that understanding, you can then begin to adopt good cyber hygiene that…
If your project doesn't have a bug bounty program: Zerodium would be happy to pay for discovered vulnerabilities.
http://ift.tt/1KytLBt
Submitted January 07, 2018 at 06:42AM by PseudoSecuritay
via reddit http://ift.tt/2m6vPsU
http://ift.tt/1KytLBt
Submitted January 07, 2018 at 06:42AM by PseudoSecuritay
via reddit http://ift.tt/2m6vPsU
Zerodium
ZERODIUM - How to Sell Your 0day Exploit to ZERODIUM
ZERODIUM is a premium exploit acquisition platform for high-end zero-days and advanced vulnerability research. Our program allows security researchers to sell their 0day (zero-day) exploits and get premium rewards.
Windows Meltdown/Spectre mitigation patch won't be pushed out to users until Patch Tuesday (January 9, 2018)
http://ift.tt/2Czk6cs
Submitted January 07, 2018 at 06:30AM by mqudsi
via reddit http://ift.tt/2qzuuPT
http://ift.tt/2Czk6cs
Submitted January 07, 2018 at 06:30AM by mqudsi
via reddit http://ift.tt/2qzuuPT
The NeoSmart Files
Windows users to remain vulnerable to Meltdown/Spectre until at least January 9, 2018
In the days following the disclosure of CPU cache attacks Meltdown and Spectre, hardware, kernel, and software developers have rushed to provide security updates for their respective devices and pl…
Have i been hacked?
http://ift.tt/2Cz0Troi have a new user on my pc out of no-where. but when i go into manage accounts its only me and the guest account. any ideas?
Submitted January 07, 2018 at 12:35PM by DrPsyc
via reddit http://ift.tt/2qAwuYi
http://ift.tt/2Cz0Troi have a new user on my pc out of no-where. but when i go into manage accounts its only me and the guest account. any ideas?
Submitted January 07, 2018 at 12:35PM by DrPsyc
via reddit http://ift.tt/2qAwuYi
Imgur
new user?
Imgur: The magic of the Internet
Is someone trying to hack me? (Please check comments)
http://ift.tt/2AC5Lu7
Submitted January 07, 2018 at 03:30PM by mai_mai_moi
via reddit http://ift.tt/2CPtCMW
http://ift.tt/2AC5Lu7
Submitted January 07, 2018 at 03:30PM by mai_mai_moi
via reddit http://ift.tt/2CPtCMW
Imgur
Imgur: The magic of the Internet
A group of developers are building a new decentralized internet that that bypasses existing ISPs. It cannot be censored, throttled, or surveilled.
http://ift.tt/2CAq6Sc
Submitted January 07, 2018 at 06:53PM by NarwhalAmongUnicorns
via reddit http://ift.tt/2EhK5G1
http://ift.tt/2CAq6Sc
Submitted January 07, 2018 at 06:53PM by NarwhalAmongUnicorns
via reddit http://ift.tt/2EhK5G1
Amazon Local File Inclusion www.berkdusunur.net
http://ift.tt/2EkcdIf
Submitted January 07, 2018 at 09:28PM by berkdusunurx
via reddit http://ift.tt/2COiQ9A
http://ift.tt/2EkcdIf
Submitted January 07, 2018 at 09:28PM by berkdusunurx
via reddit http://ift.tt/2COiQ9A
www.berkdusunur.net
Amazon Local File Inclusion Vulnerability
Hello everyone :) I will write about the local file inclusion vulnerability and I show amazon subdomain LFI vulnerability. I repo...
Setting up a DNS Firewall on steroids
http://ift.tt/2AEB5sk
Submitted January 07, 2018 at 10:19PM by TheFlame937
via reddit http://ift.tt/2D3JOHm
http://ift.tt/2AEB5sk
Submitted January 07, 2018 at 10:19PM by TheFlame937
via reddit http://ift.tt/2D3JOHm
DNSMasterChef
Setting up a DNS Firewall on steroids
Selective DNS proxy forwarding based on DNS threat blocking providers intelligence.
Security of verifying bank account with microtransaction
Many services verify their users' accounts using microtransactions. Without the password of the user's account, how is the service able to withdraw money?
Submitted January 07, 2018 at 11:59PM by connorc0405
via reddit http://ift.tt/2qGNn3J
Many services verify their users' accounts using microtransactions. Without the password of the user's account, how is the service able to withdraw money?
Submitted January 07, 2018 at 11:59PM by connorc0405
via reddit http://ift.tt/2qGNn3J
reddit
Security of verifying bank account with microtransaction • r/security
Many services verify their users' accounts using microtransactions. Without the password of the user's account, how is the service able to...
Directory Listing to Account Takeover
http://ift.tt/2COlDzu
Submitted January 08, 2018 at 12:20AM by nishaanthguna
via reddit http://ift.tt/2m9t3Db
http://ift.tt/2COlDzu
Submitted January 08, 2018 at 12:20AM by nishaanthguna
via reddit http://ift.tt/2m9t3Db
ifc0nf1g.xyz
Directory Listing to Account Takeover
Directory listing is one of the most common misconfigurations which can be exploited trivially. However, the impact depends on the criticality of the files present inside the directory.
Recently, during one of my pentests, I came across an interesting open…
Recently, during one of my pentests, I came across an interesting open…
AMD PSP fTPM Remote Code Execution via crafted EK certificate. Jan 3 2018 Responsible Disclosure
http://ift.tt/2F3BRCe
Submitted January 08, 2018 at 03:48AM by PseudoSecuritay
via reddit http://ift.tt/2ACXNkw
http://ift.tt/2F3BRCe
Submitted January 08, 2018 at 03:48AM by PseudoSecuritay
via reddit http://ift.tt/2ACXNkw
seclists.org
Full Disclosure: AMD-PSP: fTPM Remote Code Execution via crafted EK certificate
Western Digital 'My Cloud' devices have a hardcoded backdoor -- stop using these NAS drives NOW!
http://ift.tt/2ABE7NH
Submitted January 08, 2018 at 04:12AM by CornCobBobby
via reddit http://ift.tt/2mcntzZ
http://ift.tt/2ABE7NH
Submitted January 08, 2018 at 04:12AM by CornCobBobby
via reddit http://ift.tt/2mcntzZ
BetaNews
Western Digital 'My Cloud' devices have a hardcoded backdoor -- stop using these NAS drives NOW!
I must be honest — I am starting to become fatigued by all of the vulnerabilities and security failures in technology nowadays. Quite frankly, between Spectre and Meltdown, I don’t even…
Backdoor in Western Digital “MyCloud” and Dead of Privacy and Data Safety
http://ift.tt/2ABlXfg
Submitted January 08, 2018 at 05:27AM by dbalut
via reddit http://ift.tt/2CPOeo5
http://ift.tt/2ABlXfg
Submitted January 08, 2018 at 05:27AM by dbalut
via reddit http://ift.tt/2CPOeo5
Medium
Backdoor in Western Digital “MyCloud” and Dead of Privacy and Data Safety
Your data is neither safe nor private if you’ve ever sent it over the Internet.
Crosspost - Defender unexpected behaviour with WinRAR link
I posted over in /r/sysadmin about an issue with a completely up to date Windows defender. You can check this out:http://ift.tt/2qDd4SwAnd share your thoughts / analysis. It's late in EST, so I'll be reviewing it in more detail myself tomorrow. Perhaps others are awake and interested in seeing if Defender is making an error, or it something is up with a RARLAB cdn?
Submitted January 08, 2018 at 06:27AM by browndizzle
via reddit http://ift.tt/2CQbDFd
I posted over in /r/sysadmin about an issue with a completely up to date Windows defender. You can check this out:http://ift.tt/2qDd4SwAnd share your thoughts / analysis. It's late in EST, so I'll be reviewing it in more detail myself tomorrow. Perhaps others are awake and interested in seeing if Defender is making an error, or it something is up with a RARLAB cdn?
Submitted January 08, 2018 at 06:27AM by browndizzle
via reddit http://ift.tt/2CQbDFd
reddit
Windows 10 Pro / Defender picking up Winrar x64 as... • r/sysadmin
I just hit the usual rarlab.com/download.htm link at a client office. Immediately Windows Defender interrupted the download to tell me that the...
stealing cryptocurrencies from electrum wallets via CORS
http://ift.tt/2lZK166
Submitted January 08, 2018 at 12:12PM by d4nk1st
via reddit http://ift.tt/2COhXwW
http://ift.tt/2lZK166
Submitted January 08, 2018 at 12:12PM by d4nk1st
via reddit http://ift.tt/2COhXwW
GitHub
Password protect the JSONRPC interface · Issue #3374 · spesmilo/electrum
The JSONRPC interface is currently completely unprotected, I believe it should be a priority to add at least some form of password protection.
Scans for the JSONRPC interface of Ethereum wallets ha...
Scans for the JSONRPC interface of Ethereum wallets ha...
Intel Released "Coffee Lake" Knowing it Was Vulnerable to Spectre and Meltdown
http://ift.tt/2CUQsQ8
Submitted January 08, 2018 at 01:58PM by mm_farahat
via reddit http://ift.tt/2mbB6iY
http://ift.tt/2CUQsQ8
Submitted January 08, 2018 at 01:58PM by mm_farahat
via reddit http://ift.tt/2mbB6iY
TechPowerUp
Intel Released "Coffee Lake" Knowing it Was Vulnerable to Spectre and Meltdown
By the time Intel launched its 8th generation Core "Coffee Lake" desktop processor family (September 25, 2017, with October 5 availability), the company was fully aware that the product it is releasing was vulnerable to the three vulnerabilities plaguing…