A group of developers are building a new decentralized internet that that bypasses existing ISPs. It cannot be censored, throttled, or surveilled.
http://ift.tt/2CAq6Sc
Submitted January 07, 2018 at 06:53PM by NarwhalAmongUnicorns
via reddit http://ift.tt/2EhK5G1
http://ift.tt/2CAq6Sc
Submitted January 07, 2018 at 06:53PM by NarwhalAmongUnicorns
via reddit http://ift.tt/2EhK5G1
Amazon Local File Inclusion www.berkdusunur.net
http://ift.tt/2EkcdIf
Submitted January 07, 2018 at 09:28PM by berkdusunurx
via reddit http://ift.tt/2COiQ9A
http://ift.tt/2EkcdIf
Submitted January 07, 2018 at 09:28PM by berkdusunurx
via reddit http://ift.tt/2COiQ9A
www.berkdusunur.net
Amazon Local File Inclusion Vulnerability
Hello everyone :) I will write about the local file inclusion vulnerability and I show amazon subdomain LFI vulnerability. I repo...
Setting up a DNS Firewall on steroids
http://ift.tt/2AEB5sk
Submitted January 07, 2018 at 10:19PM by TheFlame937
via reddit http://ift.tt/2D3JOHm
http://ift.tt/2AEB5sk
Submitted January 07, 2018 at 10:19PM by TheFlame937
via reddit http://ift.tt/2D3JOHm
DNSMasterChef
Setting up a DNS Firewall on steroids
Selective DNS proxy forwarding based on DNS threat blocking providers intelligence.
Security of verifying bank account with microtransaction
Many services verify their users' accounts using microtransactions. Without the password of the user's account, how is the service able to withdraw money?
Submitted January 07, 2018 at 11:59PM by connorc0405
via reddit http://ift.tt/2qGNn3J
Many services verify their users' accounts using microtransactions. Without the password of the user's account, how is the service able to withdraw money?
Submitted January 07, 2018 at 11:59PM by connorc0405
via reddit http://ift.tt/2qGNn3J
reddit
Security of verifying bank account with microtransaction • r/security
Many services verify their users' accounts using microtransactions. Without the password of the user's account, how is the service able to...
Directory Listing to Account Takeover
http://ift.tt/2COlDzu
Submitted January 08, 2018 at 12:20AM by nishaanthguna
via reddit http://ift.tt/2m9t3Db
http://ift.tt/2COlDzu
Submitted January 08, 2018 at 12:20AM by nishaanthguna
via reddit http://ift.tt/2m9t3Db
ifc0nf1g.xyz
Directory Listing to Account Takeover
Directory listing is one of the most common misconfigurations which can be exploited trivially. However, the impact depends on the criticality of the files present inside the directory.
Recently, during one of my pentests, I came across an interesting open…
Recently, during one of my pentests, I came across an interesting open…
AMD PSP fTPM Remote Code Execution via crafted EK certificate. Jan 3 2018 Responsible Disclosure
http://ift.tt/2F3BRCe
Submitted January 08, 2018 at 03:48AM by PseudoSecuritay
via reddit http://ift.tt/2ACXNkw
http://ift.tt/2F3BRCe
Submitted January 08, 2018 at 03:48AM by PseudoSecuritay
via reddit http://ift.tt/2ACXNkw
seclists.org
Full Disclosure: AMD-PSP: fTPM Remote Code Execution via crafted EK certificate
Western Digital 'My Cloud' devices have a hardcoded backdoor -- stop using these NAS drives NOW!
http://ift.tt/2ABE7NH
Submitted January 08, 2018 at 04:12AM by CornCobBobby
via reddit http://ift.tt/2mcntzZ
http://ift.tt/2ABE7NH
Submitted January 08, 2018 at 04:12AM by CornCobBobby
via reddit http://ift.tt/2mcntzZ
BetaNews
Western Digital 'My Cloud' devices have a hardcoded backdoor -- stop using these NAS drives NOW!
I must be honest — I am starting to become fatigued by all of the vulnerabilities and security failures in technology nowadays. Quite frankly, between Spectre and Meltdown, I don’t even…
Backdoor in Western Digital “MyCloud” and Dead of Privacy and Data Safety
http://ift.tt/2ABlXfg
Submitted January 08, 2018 at 05:27AM by dbalut
via reddit http://ift.tt/2CPOeo5
http://ift.tt/2ABlXfg
Submitted January 08, 2018 at 05:27AM by dbalut
via reddit http://ift.tt/2CPOeo5
Medium
Backdoor in Western Digital “MyCloud” and Dead of Privacy and Data Safety
Your data is neither safe nor private if you’ve ever sent it over the Internet.
Crosspost - Defender unexpected behaviour with WinRAR link
I posted over in /r/sysadmin about an issue with a completely up to date Windows defender. You can check this out:http://ift.tt/2qDd4SwAnd share your thoughts / analysis. It's late in EST, so I'll be reviewing it in more detail myself tomorrow. Perhaps others are awake and interested in seeing if Defender is making an error, or it something is up with a RARLAB cdn?
Submitted January 08, 2018 at 06:27AM by browndizzle
via reddit http://ift.tt/2CQbDFd
I posted over in /r/sysadmin about an issue with a completely up to date Windows defender. You can check this out:http://ift.tt/2qDd4SwAnd share your thoughts / analysis. It's late in EST, so I'll be reviewing it in more detail myself tomorrow. Perhaps others are awake and interested in seeing if Defender is making an error, or it something is up with a RARLAB cdn?
Submitted January 08, 2018 at 06:27AM by browndizzle
via reddit http://ift.tt/2CQbDFd
reddit
Windows 10 Pro / Defender picking up Winrar x64 as... • r/sysadmin
I just hit the usual rarlab.com/download.htm link at a client office. Immediately Windows Defender interrupted the download to tell me that the...
stealing cryptocurrencies from electrum wallets via CORS
http://ift.tt/2lZK166
Submitted January 08, 2018 at 12:12PM by d4nk1st
via reddit http://ift.tt/2COhXwW
http://ift.tt/2lZK166
Submitted January 08, 2018 at 12:12PM by d4nk1st
via reddit http://ift.tt/2COhXwW
GitHub
Password protect the JSONRPC interface · Issue #3374 · spesmilo/electrum
The JSONRPC interface is currently completely unprotected, I believe it should be a priority to add at least some form of password protection.
Scans for the JSONRPC interface of Ethereum wallets ha...
Scans for the JSONRPC interface of Ethereum wallets ha...
Intel Released "Coffee Lake" Knowing it Was Vulnerable to Spectre and Meltdown
http://ift.tt/2CUQsQ8
Submitted January 08, 2018 at 01:58PM by mm_farahat
via reddit http://ift.tt/2mbB6iY
http://ift.tt/2CUQsQ8
Submitted January 08, 2018 at 01:58PM by mm_farahat
via reddit http://ift.tt/2mbB6iY
TechPowerUp
Intel Released "Coffee Lake" Knowing it Was Vulnerable to Spectre and Meltdown
By the time Intel launched its 8th generation Core "Coffee Lake" desktop processor family (September 25, 2017, with October 5 availability), the company was fully aware that the product it is releasing was vulnerable to the three vulnerabilities plaguing…
Winter Olympics targeted by hackers says security firm
http://ift.tt/2F9wSAa
Submitted January 08, 2018 at 01:48PM by Benjaminsen
via reddit http://ift.tt/2CRWtiQ
http://ift.tt/2F9wSAa
Submitted January 08, 2018 at 01:48PM by Benjaminsen
via reddit http://ift.tt/2CRWtiQ
BBC News
Winter Olympics targeted by hackers says security firm
Cyber-security firm McAfee said the focus of the attack included groups affiliated with ice hockey.
Processor Vulnerability – Meltdown and Spectre
http://ift.tt/2mbUAnu
Submitted January 08, 2018 at 03:27PM by BCNGroup
via reddit http://ift.tt/2CGWqDi
http://ift.tt/2mbUAnu
Submitted January 08, 2018 at 03:27PM by BCNGroup
via reddit http://ift.tt/2CGWqDi
IT Support & Consultancy - Stockport, Cheshire, Manchester & Beyond
Processor Vulnerability - Meltdown and Spectre | IT Support & Consultancy - Stockport, Cheshire, Manchester & Beyond
As you may be aware there have been two processor vulnerabilities published. These vulnerabilities affect various vendor CPUs including Intel processors. These latest vulnerabilities are named Meltdown and Spectre. Meltdown Meltdown breaks the most fundamental…
ICS Security Conference (S4x18) on January 16, 2018
http://ift.tt/2mcJpuX
Submitted January 08, 2018 at 03:13PM by cywarelabs
via reddit http://ift.tt/2D85K3M
http://ift.tt/2mcJpuX
Submitted January 08, 2018 at 03:13PM by cywarelabs
via reddit http://ift.tt/2D85K3M
Cyware
ICS Security Conference (S4x18) | Cyware
At S4x17 there was war robot parkour, kegerator hacking challenges, virtual reality, make your own waffle sunday, learn how to make classic cocktails, back massages, and more. Of course, there is a full assortment and food and drink.
The real benefit is…
The real benefit is…
Bare Knuckled Antivirus Breaking
http://ift.tt/2CHy1gw
Submitted January 08, 2018 at 03:00PM by buherator
via reddit http://ift.tt/2ADsDt3
http://ift.tt/2CHy1gw
Submitted January 08, 2018 at 03:00PM by buherator
via reddit http://ift.tt/2ADsDt3
reddit
Bare Knuckled Antivirus Breaking • r/netsec
2 points and 0 comments so far on reddit
Single sign-on doesn't help with infosec compliance - companies need more granular info
http://ift.tt/2ElhShz
Submitted January 08, 2018 at 05:31PM by MatosKapetanakis
via reddit http://ift.tt/2D6BZAs
http://ift.tt/2ElhShz
Submitted January 08, 2018 at 05:31PM by MatosKapetanakis
via reddit http://ift.tt/2D6BZAs
reddit
Single sign-on doesn't help with infosec compliance -... • r/security
1 points and 0 comments so far on reddit
Thomas the Tank Engine mobile application bug bounty writeup
http://ift.tt/2CE0KTJ
Submitted January 08, 2018 at 05:23PM by TheRealest_Me
via reddit http://ift.tt/2Elc2fV
http://ift.tt/2CE0KTJ
Submitted January 08, 2018 at 05:23PM by TheRealest_Me
via reddit http://ift.tt/2Elc2fV
Continuous Cyber Security | UK | Digital Interruption
F**k you Thomas - ToyTalk bug bounty writeup | Continuous Cyber Security | UK | Digital Interruption
Jahmel Harris at Digital Interruption submitted two bugs to ToyTalk and was awarded $1750. As the issues have been resolved, he wanted to write about the vulner
Security In 5: Episode 147 - Why You Should Never Save Passwords In Your Browser, Any Browser
http://ift.tt/2COeRJt
Submitted January 08, 2018 at 07:43PM by BinaryBlog
via reddit http://ift.tt/2EliK5y
http://ift.tt/2COeRJt
Submitted January 08, 2018 at 07:43PM by BinaryBlog
via reddit http://ift.tt/2EliK5y
Libsyn
Security In Five Podcast: Episode 147 - Why You Should Never Save Passwords In Your Browser, Any Browser
If you use a browser you may have noticed that when you enter a username/password in a website the browser asks you to save it. Don't. It may seem convenient to save those for easy login next time but it's not as secure as you think. This episode goes into…
All Your Docs Are Belong To Us - reversing an av engine to compose signatures capable of detecting classified documents
http://ift.tt/2q8W3Q4
Submitted January 08, 2018 at 07:58PM by maxxori
via reddit http://ift.tt/2AFJ1cs
http://ift.tt/2q8W3Q4
Submitted January 08, 2018 at 07:58PM by maxxori
via reddit http://ift.tt/2AFJ1cs
Objective-See
All Your Docs Are Belong To Us
reversing an av engine to compose signatures capable of detecting classified documents
Actions Required to Mitigate Speculative Side-Channel Attack Techniques
http://ift.tt/2ENr7rD
Submitted January 08, 2018 at 07:00PM by MrBeanie88
via reddit http://ift.tt/2CGpQ4a
http://ift.tt/2ENr7rD
Submitted January 08, 2018 at 07:00PM by MrBeanie88
via reddit http://ift.tt/2CGpQ4a
Google
Actions Required to Mitigate Speculative Side-Channel Attack Techniques - The Chromium Projects
Home of the Chromium Open Source Project
Ex-NSA hacker builds AI tool to hunt hate groups' symbols online
http://ift.tt/2AGLgw9
Submitted January 08, 2018 at 08:37PM by yourbasicgeek
via reddit http://ift.tt/2AGtk4Q
http://ift.tt/2AGLgw9
Submitted January 08, 2018 at 08:37PM by yourbasicgeek
via reddit http://ift.tt/2AGtk4Q
Naked Security
Ex-NSA hacker builds AI tool to hunt hate groups’ symbols online
She’s teaching NEMESIS to find white nationalists’ so-called dog whistles – the Black Sun and Pepe the frog memes – with object recognition.