EMC, VMware security bugs throw gasoline on cloud security fire
http://ift.tt/2DfVkiT
Submitted January 11, 2018 at 02:55AM by DerBootsMann
via reddit http://ift.tt/2mf634Y
http://ift.tt/2DfVkiT
Submitted January 11, 2018 at 02:55AM by DerBootsMann
via reddit http://ift.tt/2mf634Y
Ars Technica
EMC, VMware security bugs throw gasoline on cloud security fire
Backups of virtual machines on some hosts could be accessed or altered by an attacker.
Solving the SANS 2017 Holiday Hack Challenge
http://ift.tt/2Ex6L4T
Submitted January 11, 2018 at 04:33AM by the-useless-one
via reddit http://ift.tt/2CNDDpJ
http://ift.tt/2Ex6L4T
Submitted January 11, 2018 at 04:33AM by the-useless-one
via reddit http://ift.tt/2CNDDpJ
All Your Base Are Belong To Me
SANS Christmas Challenge 2017
'Tis the season to be pwning, falalalala lalalala. As usual, here's my write-up for the 2017 SANS Christmas Challenge. We're greeted by Sam the Snowman, who exposes the situation to us. The North Pole is under siege, attacked by giant falling snowballs, and…
MELTDOWN AND SPECTRE HELP
I am sorry if this is the wrong subreddit to post this in but I am not to sure where I should post this. I just wanted to ask what I need to do to protect myself from meltdown and spectre. I already can not update by bios because the last update it got was 2014 so unless I buy a new motherboard which I can't afford I am stuck with that problem. However I updated my windows 8.1 with all the latest updates, I updated my firefox but not to sure about my chrome. Is there anything else I can do ? I use ublock, will this block any noscripts running on websites, also what is this intel me stuff. I dl bit defender as well. I am just really confused about all this stuff.
Submitted January 11, 2018 at 05:15AM by Zaftex
via reddit http://ift.tt/2qPpIOt
I am sorry if this is the wrong subreddit to post this in but I am not to sure where I should post this. I just wanted to ask what I need to do to protect myself from meltdown and spectre. I already can not update by bios because the last update it got was 2014 so unless I buy a new motherboard which I can't afford I am stuck with that problem. However I updated my windows 8.1 with all the latest updates, I updated my firefox but not to sure about my chrome. Is there anything else I can do ? I use ublock, will this block any noscripts running on websites, also what is this intel me stuff. I dl bit defender as well. I am just really confused about all this stuff.
Submitted January 11, 2018 at 05:15AM by Zaftex
via reddit http://ift.tt/2qPpIOt
reddit
MELTDOWN AND SPECTRE HELP • r/security
I am sorry if this is the wrong subreddit to post this in but I am not to sure where I should post this. I just wanted to ask what I need to do to...
Halcyon IDE 2.0.1 (codename:Aeolus) released. Open Source IDE for Nmap Script Developers. See the changelog for details http://ift.tt/2mgBmfE
http://ift.tt/2D2IzdE
Submitted January 11, 2018 at 12:25PM by s4n7h0
via reddit http://ift.tt/2D3dy9E
http://ift.tt/2D2IzdE
Submitted January 11, 2018 at 12:25PM by s4n7h0
via reddit http://ift.tt/2D3dy9E
halcyon-ide.org
Halcyon IDE
Halcyon IDE - the first IDE for explicitly develop Nmap Scan Scripts
[PoC&Whitepaper] Exploitation Information disclosure, SQL injection and crypto issue vulerabilities to get SAP users passwords
http://ift.tt/2CY4ymb
Submitted January 11, 2018 at 12:13PM by vah_13
via reddit http://ift.tt/2mpYdX1
http://ift.tt/2CY4ymb
Submitted January 11, 2018 at 12:13PM by vah_13
via reddit http://ift.tt/2mpYdX1
GitHub
vah13/SAP_exploit
SAP_exploit - Here you can get full exploit for SAP NetWeaver AS JAVA
Carphone Warehouse fined for 'striking' number of failures that led to data breach
http://ift.tt/2EtujaS
Submitted January 11, 2018 at 02:47PM by GemmaJ123
via reddit http://ift.tt/2D1wvud
http://ift.tt/2EtujaS
Submitted January 11, 2018 at 02:47PM by GemmaJ123
via reddit http://ift.tt/2D1wvud
the Guardian
Carphone Warehouse fined for 'striking' number of failures that led to data breach
Information Commissioner’s Office fines company £400,000 for ‘concerning’ security issues following investigation of hack of 3m customers’ data
New Wi-Fi Standard Shakes Up Security
http://ift.tt/2D215nm
Submitted January 11, 2018 at 05:19PM by htbridgedigital
via reddit http://ift.tt/2Dkal3f
http://ift.tt/2D215nm
Submitted January 11, 2018 at 05:19PM by htbridgedigital
via reddit http://ift.tt/2Dkal3f
Htbridge
New Wi-Fi Standard Shakes Up Security
Main vulnerabilities in WPA2 set to be nullified by incoming Wi-Fi standard...
Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched
http://ift.tt/2qmqi6c
Submitted January 11, 2018 at 05:14PM by SnapDraco
via reddit http://ift.tt/2CR9KoH
http://ift.tt/2qmqi6c
Submitted January 11, 2018 at 05:14PM by SnapDraco
via reddit http://ift.tt/2CR9KoH
IT Pro
Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched
A "cross site request forgery" vulnerability in a popular tool for administrating MySQL and MariaDB databases that could lead to data loss has been patched.
Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched
http://ift.tt/2qmqi6c
Submitted January 11, 2018 at 05:24PM by SnapDraco
via reddit http://ift.tt/2Fqn58R
http://ift.tt/2qmqi6c
Submitted January 11, 2018 at 05:24PM by SnapDraco
via reddit http://ift.tt/2Fqn58R
IT Pro
Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched
A "cross site request forgery" vulnerability in a popular tool for administrating MySQL and MariaDB databases that could lead to data loss has been patched.
Using Google Cloud Platform to store and query 1.4 billion usernames and passwords(step-by-step setup)
http://ift.tt/2mt1zIV
Submitted January 11, 2018 at 06:30PM by diaanasxsw
via reddit http://ift.tt/2CRqpZh
http://ift.tt/2mt1zIV
Submitted January 11, 2018 at 06:30PM by diaanasxsw
via reddit http://ift.tt/2CRqpZh
Appsecco
Using Google Cloud Platform to store and query 1.4 billion usernames and passwords
How we used GCP to search massive data breach dump and how you can set it up too.
Issue with LastPass, possibility of compromising account security.
Good morning, this is my first time here. Please let me know if I should be posting somewhere else.In order to deal with the unbelievably huge amount of passwords we have to deal with nowadays, I got myself a password manager. My current setup is with LastPass. In order to remain as safe as conveniently possible, I require to sign-in to LastPass each time I open my Internet browser, and signing-in requires 2FA.However, I've lately noticed that 2FA is not working properly. As an example, if I open Reddit and click on the LastPass icon to sign-in to LastPass, it will request that I put in my account and password. When I do, it should proceed to the 2FA screen, which it does... BUT it ALSO automatically populates the fields in Reddit... so I can actually log into my Reddit account without completing the 2FA process.Have others experiencing this? Is this a normal function? What should I do if it's not intended to be this way? I have not contacted LastPass yet in case this was actually meant to function this way.
Submitted January 11, 2018 at 06:33PM by DrPatchwerk
via reddit http://ift.tt/2FqEMoP
Good morning, this is my first time here. Please let me know if I should be posting somewhere else.In order to deal with the unbelievably huge amount of passwords we have to deal with nowadays, I got myself a password manager. My current setup is with LastPass. In order to remain as safe as conveniently possible, I require to sign-in to LastPass each time I open my Internet browser, and signing-in requires 2FA.However, I've lately noticed that 2FA is not working properly. As an example, if I open Reddit and click on the LastPass icon to sign-in to LastPass, it will request that I put in my account and password. When I do, it should proceed to the 2FA screen, which it does... BUT it ALSO automatically populates the fields in Reddit... so I can actually log into my Reddit account without completing the 2FA process.Have others experiencing this? Is this a normal function? What should I do if it's not intended to be this way? I have not contacted LastPass yet in case this was actually meant to function this way.
Submitted January 11, 2018 at 06:33PM by DrPatchwerk
via reddit http://ift.tt/2FqEMoP
reddit
Issue with LastPass, possibility of compromising... • r/security
Good morning, this is my first time here. Please let me know if I should be posting somewhere else. In order to deal with the unbelievably huge...
Security In 5: Episode 150 - Serious Processor Security Flaw Impacts Almost Every Computer and Mobile Device, Patch Now
http://ift.tt/2DlmN2L
Submitted January 11, 2018 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2CRE2Yr
http://ift.tt/2DlmN2L
Submitted January 11, 2018 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2CRE2Yr
Libsyn
Security In Five Podcast: Episode 150 - Serious Processor Security Flaw Impacts Almost Every Computer and Mobile Device, Patch…
A new security flaw has been announced that impacts almost every computer and mobile device built in the last 10 years. This shows the importance of patching regularly, especially when major vulnerabilities are announced like this. This episode goes over…
Business Continuity - Appealing to the emotional side of BC team members
It's easy to sit in a room with a group of people and talk about why a business continuity plan is important. Sitting down at a table, mapping business processes, department interdependencies, vendor dependencies, quantifying potential losses if we are without a specific business process for 1 week is logical. It's easy to see, understand, and define. This is the logical part of the plan.The logical aspect of the plan is only 1 half of accomplishing this task though. It's not enough motivation to get a group of people to buy into a process and actually want to invest time and energy into accomplishing the goal and develop this plan, even if they understand the importance. Everyone is busy with their own work, their own day-to-day responsibilities, and being part of this team is "extra curricular" -- so how do we motivate them to contribute and WANT to do this work, despite them understanding it's importance?This is why it's important to appeal to the emotional side of the team members. What does failure look like? What happens when a company fails to plan? I want to show this to my BC team through examples and video. I'm having a hard time finding examples of this though. I'm hoping members of this subreddit might be able to provide examples either through case studies, video, etc. of examples where businesses have failed to plan and as a result have suffered the consequences. I think showing the team these examples might stir some emotion and get them thinking about what would happen here if we failed to plan.The emotional side will provide the drive, the logical side will provide the direction.
Submitted January 11, 2018 at 07:06PM by Platinum1211
via reddit http://ift.tt/2DlqBAK
It's easy to sit in a room with a group of people and talk about why a business continuity plan is important. Sitting down at a table, mapping business processes, department interdependencies, vendor dependencies, quantifying potential losses if we are without a specific business process for 1 week is logical. It's easy to see, understand, and define. This is the logical part of the plan.The logical aspect of the plan is only 1 half of accomplishing this task though. It's not enough motivation to get a group of people to buy into a process and actually want to invest time and energy into accomplishing the goal and develop this plan, even if they understand the importance. Everyone is busy with their own work, their own day-to-day responsibilities, and being part of this team is "extra curricular" -- so how do we motivate them to contribute and WANT to do this work, despite them understanding it's importance?This is why it's important to appeal to the emotional side of the team members. What does failure look like? What happens when a company fails to plan? I want to show this to my BC team through examples and video. I'm having a hard time finding examples of this though. I'm hoping members of this subreddit might be able to provide examples either through case studies, video, etc. of examples where businesses have failed to plan and as a result have suffered the consequences. I think showing the team these examples might stir some emotion and get them thinking about what would happen here if we failed to plan.The emotional side will provide the drive, the logical side will provide the direction.
Submitted January 11, 2018 at 07:06PM by Platinum1211
via reddit http://ift.tt/2DlqBAK
reddit
Business Continuity - Appealing to the emotional side... • r/security
It's easy to sit in a room with a group of people and talk about why a business continuity plan is important. Sitting down at a table, mapping...
Inside physical security network
http://ift.tt/2mjUn0H
Submitted January 11, 2018 at 07:37PM by Runa77
via reddit http://ift.tt/2CPL1kl
http://ift.tt/2mjUn0H
Submitted January 11, 2018 at 07:37PM by Runa77
via reddit http://ift.tt/2CPL1kl
Vunetrix
What’s happening inside your physical security network? Do you know? Do you know your normal? - Vunetrix
Tracking for normal is how we do everything today. And, everyone’s normal is different. The quirks and idiosyncrasies that everyone has are what makes them who they are. In our...
Cisco Rolls Out Solution to Detect Malware in Encrypted Traffic
http://ift.tt/2APdDZc
Submitted January 11, 2018 at 08:52PM by DJRWolf
via reddit http://ift.tt/2CR40Lj
http://ift.tt/2APdDZc
Submitted January 11, 2018 at 08:52PM by DJRWolf
via reddit http://ift.tt/2CR40Lj
BleepingComputer
Cisco Rolls Out Solution to Detect Malware in Encrypted Traffic
Yesterday, Cisco rolled out Encrypted Traffic Analytics (ETA), a breakthrough technology that identifies malware in encrypted traffic without the need of intercepting and decrypting data streams.
mitm6 – compromising IPv4 networks via IPv6
http://ift.tt/2mqAINJ
Submitted January 11, 2018 at 09:26PM by ProvadysOffsec
via reddit http://ift.tt/2CRZ0GD
http://ift.tt/2mqAINJ
Submitted January 11, 2018 at 09:26PM by ProvadysOffsec
via reddit http://ift.tt/2CRZ0GD
Fox-IT International blog
mitm6 – compromising IPv4 networks via IPv6
While IPv6 adoption is increasing on the internet, company networks that use IPv6 internally are quite rare. However, most companies are unaware that while IPv6 might not be actively in use, all Wi…
When Scriptlets Attack: The Moniker
http://ift.tt/2DjBe7k
Submitted January 11, 2018 at 10:07PM by teksquisite
via reddit http://ift.tt/2DlXhdJ
http://ift.tt/2DjBe7k
Submitted January 11, 2018 at 10:07PM by teksquisite
via reddit http://ift.tt/2DlXhdJ
Lastline
When Scriptlets Attack: The Moniker
Authored by: Alexander Sevtsov Edited by: Stefano Ortolani In the previous article, we have described an attack that makes use of a noscript moniker to execute a Windows Script Component (WSC) file or noscriptlet. A noscriptlet is nothing
How to use PowerShell to detect and protect Windows 10 from the Meltdown bug
https://youtu.be/7R32l458j78
Submitted January 11, 2018 at 07:25PM by vonnieeee
via reddit http://ift.tt/2Ey5cDQ
https://youtu.be/7R32l458j78
Submitted January 11, 2018 at 07:25PM by vonnieeee
via reddit http://ift.tt/2Ey5cDQ
YouTube
Meltdown and Spectre: How to Detect and Protect Yourself in Windows 10
In this video you'll learn exactly what the Meltdown Intel bug is. I'll talk about the differences between user mode and kernel mode memory processes as well...
New Python-Based Crypto-Miner Botnet Flying Under the Radar
http://ift.tt/2CTLdz4
Submitted January 11, 2018 at 11:21PM by TR-BetaFlash
via reddit http://ift.tt/2ExMmNr
http://ift.tt/2CTLdz4
Submitted January 11, 2018 at 11:21PM by TR-BetaFlash
via reddit http://ift.tt/2ExMmNr
F5
New Python-Based Crypto-Miner Botnet Flying Under the Radar
A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.
Pen Testing as a Service Life Cycle
http://ift.tt/2EycEik
Submitted January 12, 2018 at 01:26AM by ju1i3k
via reddit http://ift.tt/2ASaeJa
http://ift.tt/2EycEik
Submitted January 12, 2018 at 01:26AM by ju1i3k
via reddit http://ift.tt/2ASaeJa
Cobalt.io
Pen Testing as a Service Life Cycle
The process of a modern pen test platform
Pure VBS reverse shell
http://ift.tt/2CS3YDd
Submitted January 12, 2018 at 01:13AM by cym13
via reddit http://ift.tt/2AQbfBy
http://ift.tt/2CS3YDd
Submitted January 12, 2018 at 01:13AM by cym13
via reddit http://ift.tt/2AQbfBy