Using Google Cloud Platform to store and query 1.4 billion usernames and passwords (step-by-step setup)
http://ift.tt/2mt1zIV
Submitted January 11, 2018 at 06:30PM by diaanasxsw
via reddit http://ift.tt/2CRqpZh
Appsecco
Using Google Cloud Platform to store and query 1.4 billion usernames and passwords
How we used GCP to search massive data breach dump and how you can set it up too.
Issue with LastPass, possibility of compromising account security.
Good morning, this is my first time here. Please let me know if I should be posting somewhere else. In order to deal with the unbelievably huge amount of passwords we have to deal with nowadays, I got myself a password manager. My current setup is with LastPass. In order to remain as safe as conveniently possible, I require to sign-in to LastPass each time I open my Internet browser, and signing-in requires 2FA. However, I've lately noticed that 2FA is not working properly. As an example, if I open Reddit and click on the LastPass icon to sign-in to LastPass, it will request that I put in my account and password. When I do, it should proceed to the 2FA screen, which it does... BUT it ALSO automatically populates the fields in Reddit... so I can actually log into my Reddit account without completing the 2FA process. Have others experienced this? Is this a normal function? What should I do if it's not intended to be this way? I have not contacted LastPass yet in case this was actually meant to function this way.
Submitted January 11, 2018 at 06:33PM by DrPatchwerk
via reddit http://ift.tt/2FqEMoP
reddit
Issue with LastPass, possibility of compromising... • r/security
Security In 5: Episode 150 - Serious Processor Security Flaw Impacts Almost Every Computer and Mobile Device, Patch Now
http://ift.tt/2DlmN2L
Submitted January 11, 2018 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2CRE2Yr
Libsyn
Security In Five Podcast: Episode 150 - Serious Processor Security Flaw Impacts Almost Every Computer and Mobile Device, Patch…
A new security flaw has been announced that impacts almost every computer and mobile device built in the last 10 years. This shows the importance of patching regularly, especially when major vulnerabilities are announced like this. This episode goes over…
Business Continuity - Appealing to the emotional side of BC team members
It's easy to sit in a room with a group of people and talk about why a business continuity plan is important. Sitting down at a table, mapping business processes, department interdependencies, vendor dependencies, quantifying potential losses if we are without a specific business process for 1 week is logical. It's easy to see, understand, and define. This is the logical part of the plan. The logical aspect of the plan is only 1 half of accomplishing this task though. It's not enough motivation to get a group of people to buy into a process and actually want to invest time and energy into accomplishing the goal and develop this plan, even if they understand the importance. Everyone is busy with their own work, their own day-to-day responsibilities, and being part of this team is "extracurricular" -- so how do we motivate them to contribute and WANT to do this work, despite them understanding its importance? This is why it's important to appeal to the emotional side of the team members. What does failure look like? What happens when a company fails to plan? I want to show this to my BC team through examples and video. I'm having a hard time finding examples of this though. I'm hoping members of this subreddit might be able to provide examples either through case studies, video, etc. of examples where businesses have failed to plan and as a result have suffered the consequences. I think showing the team these examples might stir some emotion and get them thinking about what would happen here if we failed to plan. The emotional side will provide the drive, the logical side will provide the direction.
Submitted January 11, 2018 at 07:06PM by Platinum1211
via reddit http://ift.tt/2DlqBAK
reddit
Business Continuity - Appealing to the emotional side... • r/security
Inside physical security network
http://ift.tt/2mjUn0H
Submitted January 11, 2018 at 07:37PM by Runa77
via reddit http://ift.tt/2CPL1kl
Vunetrix
What’s happening inside your physical security network? Do you know? Do you know your normal? - Vunetrix
Tracking for normal is how we do everything today. And, everyone’s normal is different. The quirks and idiosyncrasies that everyone has are what makes them who they are. In our...
Cisco Rolls Out Solution to Detect Malware in Encrypted Traffic
http://ift.tt/2APdDZc
Submitted January 11, 2018 at 08:52PM by DJRWolf
via reddit http://ift.tt/2CR40Lj
BleepingComputer
Cisco Rolls Out Solution to Detect Malware in Encrypted Traffic
Yesterday, Cisco rolled out Encrypted Traffic Analytics (ETA), a breakthrough technology that identifies malware in encrypted traffic without the need of intercepting and decrypting data streams.
mitm6 – compromising IPv4 networks via IPv6
http://ift.tt/2mqAINJ
Submitted January 11, 2018 at 09:26PM by ProvadysOffsec
via reddit http://ift.tt/2CRZ0GD
Fox-IT International blog
mitm6 – compromising IPv4 networks via IPv6
While IPv6 adoption is increasing on the internet, company networks that use IPv6 internally are quite rare. However, most companies are unaware that while IPv6 might not be actively in use, all Wi…
When Scriptlets Attack: The Moniker
http://ift.tt/2DjBe7k
Submitted January 11, 2018 at 10:07PM by teksquisite
via reddit http://ift.tt/2DlXhdJ
Lastline
When Scriptlets Attack: The Moniker
Authored by: Alexander Sevtsov. Edited by: Stefano Ortolani. In the previous article, we have described an attack that makes use of a script moniker to execute a Windows Script Component (WSC) file or scriptlet. A scriptlet is nothing
How to use PowerShell to detect and protect Windows 10 from the Meltdown bug
https://youtu.be/7R32l458j78
Submitted January 11, 2018 at 07:25PM by vonnieeee
via reddit http://ift.tt/2Ey5cDQ
YouTube
Meltdown and Spectre: How to Detect and Protect Yourself in Windows 10
In this video you'll learn exactly what the Meltdown Intel bug is. I'll talk about the differences between user mode and kernel mode memory processes as well...
New Python-Based Crypto-Miner Botnet Flying Under the Radar
http://ift.tt/2CTLdz4
Submitted January 11, 2018 at 11:21PM by TR-BetaFlash
via reddit http://ift.tt/2ExMmNr
F5
New Python-Based Crypto-Miner Botnet Flying Under the Radar
A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.
Pen Testing as a Service Life Cycle
http://ift.tt/2EycEik
Submitted January 12, 2018 at 01:26AM by ju1i3k
via reddit http://ift.tt/2ASaeJa
Cobalt.io
Pen Testing as a Service Life Cycle
The process of a modern pen test platform
Pure VBS reverse shell
http://ift.tt/2CS3YDd
Submitted January 12, 2018 at 01:13AM by cym13
via reddit http://ift.tt/2AQbfBy
Harvesting credit card numbers and passwords from your site. Here’s how.
http://ift.tt/2D1QrtA
Submitted January 12, 2018 at 02:42AM by stanislavb
via reddit http://ift.tt/2D22B97
Hacker Noon
I’m harvesting credit card numbers and passwords from your site. Here’s how.
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all.
Spectre and Meltdown are just the beginning
http://ift.tt/2ExIJqE
Submitted January 12, 2018 at 01:38AM by ExternalUserError
via reddit http://ift.tt/2EyWyVM
Hacker Noon
Spectre and Meltdown are just the beginning
There’s never just one or two isolated, one-off flaws in complex computing products. Especially with a product as complex and widely used…
Facebook's Bug - Unauthorized access to credit/prepaid card details (limited) of any user
http://ift.tt/2D2qbl7
Submitted January 12, 2018 at 02:40AM by campuscodi
via reddit http://ift.tt/2qR7QCE
reddit
Facebook's Bug - Unauthorized access to credit/prepaid... • r/netsec
Ubuntu releases microcode to fix CVE 2017-5715, part of Spectre.
http://ift.tt/2qZ5Ng8
Submitted January 12, 2018 at 02:00AM by Neo-Bubba
via reddit http://ift.tt/2CRegTZ
reddit
Ubuntu releases microcode to fix CVE 2017-5715, part of... • r/netsec
New Phrack paper: .NET Instrumentation via MSIL bytecode injection
http://ift.tt/2CSJYAr
Submitted January 12, 2018 at 01:16AM by joernchen
via reddit http://ift.tt/2AQUo1D
phrack.org
.:: Phrack Magazine ::.
Phrack staff website.
Week 2 in Information Security, 2018
http://ift.tt/2D2AnKn
Submitted January 12, 2018 at 03:05AM by undercomm
via reddit http://ift.tt/2FpiF25
Malgregator
InfoSec Week 2, 2018
New research has found a flaw in a group messaging part of a Signal protocol used by Signal, WhatsApp and Threema. It’s hardly...
The Bug That Killed Equation Editor - How We Found, Exploited And Micropatched It (CVE-2018-0802)
http://ift.tt/2mtGHkz
Submitted January 11, 2018 at 11:39PM by dielel
via reddit http://ift.tt/2mj9O9C
0patch.blogspot.co.uk
The Bug That Killed Equation Editor - How We Found, Exploited And Micropatched It (CVE-2018-0802)
One of the Seven Stories Behind an Epic Bug Collision by Mitja Kolsek, the 0patch Team Last November, Microsoft manually patched a rem...
Week 2 in Information Security, 2018
http://ift.tt/2D2AnKn
Submitted January 12, 2018 at 03:05AM by undercomm
via reddit http://ift.tt/2AR1qTQ
Malgregator
InfoSec Week 2, 2018
New research has found a flaw in a group messaging part of a Signal protocol used by Signal, WhatsApp and Threema. It’s hardly...
Heads-up: Compromised Office 365 accounts showing up with rules that delete messages which would show evidence of the compromise.
http://ift.tt/2mjOm4m
Submitted January 12, 2018 at 04:27AM by iammandalore
via reddit http://ift.tt/2mmLCmT
reddit
Heads-up: Compromised Office 365 accounts showing up... • r/sysadmin
Apologies if this is already known to you guys, but this was a new one for me today. TL;DR at the bottom. We had a customer call with a...