Parity Ethereum Client <= v1.6.10 Dapp Browser webproxy token reuse same-origin policy bypass (with poc) (CVE-2017-18016)
http://ift.tt/2CYaprG
Submitted January 10, 2018 at 10:44PM by -tin-
via reddit http://ift.tt/2qQEu7C
GitHub
tintinweb/pub
pub - police line - do not cross...
Security Now 645 The Speculation Meltdown | TWiT.TV
http://ift.tt/2Db5W2h
Submitted January 10, 2018 at 11:35PM by dmp1ce
via reddit http://ift.tt/2FmPeOj
TWiT.tv
Security Now 645 The Speculation Meltdown | TWiT.TV
This week, before we focus upon the industry-wide catastrophe enabled by precisely timing the instructed execution of all contemporary high-performance processor architectures... w…
Perfect SAP Penetration testing. Part 3: The Scope of Vulnerability Search
http://ift.tt/2Fjf1a2
Submitted January 10, 2018 at 11:37PM by vah_13
via reddit http://ift.tt/2D1km8E
ERPScan
Perfect SAP Penetration testing. Part 3: The Scope of Vulnerability Search
This part of the Perfect SAP Penetration testing series demonstrates that sometimes the traditional approach does not work and describes how to do the impossible.
OpenSSL command cheatsheet
http://ift.tt/2mfodDC
Submitted January 11, 2018 at 01:56AM by alsam88
via reddit http://ift.tt/2AMhTsJ
Medium
OpenSSL command cheatsheet
Most common openssl commands and use cases
Commercial vs. Federal
What skills should one concentrate on if they are looking to move from the Federal area of security (NIST, FISMA, FISCAM, compliance, etc.) to the commercial side of things (finance, etc.)? I have about 15 years on the Federal side (live in DC) and am thinking about making the move to commercial for more options, both professionally and in places I can move to.
Submitted January 11, 2018 at 01:39AM by lampshade2818
via reddit http://ift.tt/2D2HjYP
reddit
Commercial vs. Federal • r/security
What skills should one concentrate on if they are looking to move from the Federal area of security (NIST, FISMA, FISCAM, Compliance, etc.) to the...
Reverse Engineering the OBi200 Google Voice Appliance: Part 3
http://ift.tt/2CYJNqj
Submitted January 11, 2018 at 02:14AM by rwestergren
via reddit http://ift.tt/2Euo1YD
Randy Westergren
Reverse Engineering the OBi200 Google Voice Appliance: Part 3 - Randy Westergren
In part 1 of this series, I analyzed the firmware of the OBi200 and walked through exploiting some RCE vulns to pop a shell. In part 2, I covered the process of identifying and connecting to the board’s undocumented UART port to access the console. This post…
macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password
http://ift.tt/2DitVwD
Submitted January 11, 2018 at 01:30AM by nplus
via reddit http://ift.tt/2mlxATi
Macrumors
macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password [Updated]
A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store...
EMC, VMware security bugs throw gasoline on cloud security fire
http://ift.tt/2DfVkiT
Submitted January 11, 2018 at 02:55AM by DerBootsMann
via reddit http://ift.tt/2mf634Y
Ars Technica
EMC, VMware security bugs throw gasoline on cloud security fire
Backups of virtual machines on some hosts could be accessed or altered by an attacker.
Solving the SANS 2017 Holiday Hack Challenge
http://ift.tt/2Ex6L4T
Submitted January 11, 2018 at 04:33AM by the-useless-one
via reddit http://ift.tt/2CNDDpJ
All Your Base Are Belong To Me
SANS Christmas Challenge 2017
'Tis the season to be pwning, falalalala lalalala. As usual, here's my write-up for the 2017 SANS Christmas Challenge. We're greeted by Sam the Snowman, who exposes the situation to us. The North Pole is under siege, attacked by giant falling snowballs, and…
MELTDOWN AND SPECTRE HELP
I am sorry if this is the wrong subreddit to post this in, but I am not too sure where I should post this. I just wanted to ask what I need to do to protect myself from Meltdown and Spectre. I already cannot update my BIOS, because the last update it got was in 2014, so unless I buy a new motherboard, which I can't afford, I am stuck with that problem. However, I updated my Windows 8.1 with all the latest updates, and I updated my Firefox, but I'm not too sure about my Chrome. Is there anything else I can do? I use uBlock; will this block any noscripts running on websites? Also, what is this Intel ME stuff? I downloaded Bitdefender as well. I am just really confused about all this stuff.
Submitted January 11, 2018 at 05:15AM by Zaftex
via reddit http://ift.tt/2qPpIOt
reddit
MELTDOWN AND SPECTRE HELP • r/security
I am sorry if this is the wrong subreddit to post this in but I am not to sure where I should post this. I just wanted to ask what I need to do to...
Halcyon IDE 2.0.1 (codename:Aeolus) released. Open Source IDE for Nmap Script Developers. See the changelog for details http://ift.tt/2mgBmfE
http://ift.tt/2D2IzdE
Submitted January 11, 2018 at 12:25PM by s4n7h0
via reddit http://ift.tt/2D3dy9E
halcyon-ide.org
Halcyon IDE
Halcyon IDE - the first IDE built explicitly for developing Nmap scan scripts
[PoC&Whitepaper] Exploitation of information disclosure, SQL injection and crypto issue vulnerabilities to get SAP users' passwords
http://ift.tt/2CY4ymb
Submitted January 11, 2018 at 12:13PM by vah_13
via reddit http://ift.tt/2mpYdX1
GitHub
vah13/SAP_exploit
SAP_exploit - Here you can get full exploit for SAP NetWeaver AS JAVA
Carphone Warehouse fined for 'striking' number of failures that led to data breach
http://ift.tt/2EtujaS
Submitted January 11, 2018 at 02:47PM by GemmaJ123
via reddit http://ift.tt/2D1wvud
the Guardian
Carphone Warehouse fined for 'striking' number of failures that led to data breach
Information Commissioner’s Office fines company £400,000 for ‘concerning’ security issues following investigation of hack of 3m customers’ data
New Wi-Fi Standard Shakes Up Security
http://ift.tt/2D215nm
Submitted January 11, 2018 at 05:19PM by htbridgedigital
via reddit http://ift.tt/2Dkal3f
Htbridge
New Wi-Fi Standard Shakes Up Security
Main vulnerabilities in WPA2 set to be nullified by incoming Wi-Fi standard...
Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched
http://ift.tt/2qmqi6c
Submitted January 11, 2018 at 05:14PM by SnapDraco
via reddit http://ift.tt/2CR9KoH
IT Pro
Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched
A "cross site request forgery" vulnerability in a popular tool for administrating MySQL and MariaDB databases that could lead to data loss has been patched.
Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched
http://ift.tt/2qmqi6c
Submitted January 11, 2018 at 05:24PM by SnapDraco
via reddit http://ift.tt/2Fqn58R
IT Pro
Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched
A "cross site request forgery" vulnerability in a popular tool for administrating MySQL and MariaDB databases that could lead to data loss has been patched.
Using Google Cloud Platform to store and query 1.4 billion usernames and passwords(step-by-step setup)
http://ift.tt/2mt1zIV
Submitted January 11, 2018 at 06:30PM by diaanasxsw
via reddit http://ift.tt/2CRqpZh
Appsecco
Using Google Cloud Platform to store and query 1.4 billion usernames and passwords
How we used GCP to search massive data breach dump and how you can set it up too.
Issue with LastPass, possibility of compromising account security.
Good morning, this is my first time here. Please let me know if I should be posting somewhere else. In order to deal with the unbelievably huge number of passwords we have to deal with nowadays, I got myself a password manager. My current setup is with LastPass. In order to remain as safe as conveniently possible, I require signing in to LastPass each time I open my Internet browser, and signing in requires 2FA. However, I've lately noticed that 2FA is not working properly. As an example, if I open Reddit and click on the LastPass icon to sign in to LastPass, it will request that I put in my account and password. When I do, it should proceed to the 2FA screen, which it does... BUT it ALSO automatically populates the fields in Reddit... so I can actually log into my Reddit account without completing the 2FA process. Have others experienced this? Is this a normal function? What should I do if it's not intended to be this way? I have not contacted LastPass yet in case this was actually meant to function this way.
Submitted January 11, 2018 at 06:33PM by DrPatchwerk
via reddit http://ift.tt/2FqEMoP
reddit
Issue with LastPass, possibility of compromising... • r/security
Good morning, this is my first time here. Please let me know if I should be posting somewhere else. In order to deal with the unbelievably huge...
Security In 5: Episode 150 - Serious Processor Security Flaw Impacts Almost Every Computer and Mobile Device, Patch Now
http://ift.tt/2DlmN2L
Submitted January 11, 2018 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2CRE2Yr
Libsyn
Security In Five Podcast: Episode 150 - Serious Processor Security Flaw Impacts Almost Every Computer and Mobile Device, Patch…
A new security flaw has been announced that impacts almost every computer and mobile device built in the last 10 years. This shows the importance of patching regularly, especially when major vulnerabilities are announced like this. This episode goes over…
Business Continuity - Appealing to the emotional side of BC team members
It's easy to sit in a room with a group of people and talk about why a business continuity plan is important. Sitting down at a table, mapping business processes, department interdependencies, vendor dependencies, and quantifying potential losses if we are without a specific business process for 1 week is logical. It's easy to see, understand, and define. This is the logical part of the plan. The logical aspect of the plan is only one half of accomplishing this task, though. It's not enough motivation to get a group of people to buy into a process and actually want to invest time and energy into accomplishing the goal and developing this plan, even if they understand the importance. Everyone is busy with their own work, their own day-to-day responsibilities, and being part of this team is "extracurricular" -- so how do we motivate them to contribute and WANT to do this work, despite them understanding its importance? This is why it's important to appeal to the emotional side of the team members. What does failure look like? What happens when a company fails to plan? I want to show this to my BC team through examples and video. I'm having a hard time finding examples of this, though. I'm hoping members of this subreddit might be able to provide examples, either through case studies, video, etc., where businesses have failed to plan and as a result have suffered the consequences. I think showing the team these examples might stir some emotion and get them thinking about what would happen here if we failed to plan. The emotional side will provide the drive; the logical side will provide the direction.
Submitted January 11, 2018 at 07:06PM by Platinum1211
via reddit http://ift.tt/2DlqBAK
reddit
Business Continuity - Appealing to the emotional side... • r/security
It's easy to sit in a room with a group of people and talk about why a business continuity plan is important. Sitting down at a table, mapping...
Inside physical security network
http://ift.tt/2mjUn0H
Submitted January 11, 2018 at 07:37PM by Runa77
via reddit http://ift.tt/2CPL1kl
Vunetrix
What’s happening inside your physical security network? Do you know? Do you know your normal? - Vunetrix
Tracking for normal is how we do everything today. And, everyone’s normal is different. The quirks and idiosyncrasies that everyone has are what makes them who they are. In our...