Skyfall and Solace (new vulnerabilities TBD using speculative execution vector)
http://ift.tt/2FS4yCU
Submitted January 18, 2018 at 08:23PM by GustaveBob
via reddit http://ift.tt/2EU6SHX
Bypassing CloudFlare using Internet-wide scan data
http://ift.tt/2DrZB5a
Submitted January 18, 2018 at 09:18PM by thorn42
via reddit http://ift.tt/2Bd5sWM
Christophe Tafani-Dereeper
CloudFlair: Bypassing CloudFlare using Internet-wide scan data - Christophe Tafani-Dereeper
CloudFlare is a service that acts as a middleman between a website and its end users, protecting it from various attacks. Unfortunately, those websites are often poorly configured, allowing an attacker to entirely bypass Cloudflare and run DDoS attacks or…
CubeCart Admin Authentication Bypass
http://ift.tt/2FKWX95
Submitted January 18, 2018 at 11:41PM by zit-hb
via reddit http://ift.tt/2mLAe3U
US ‘hacking back’ law could create a cyber wild west of vigilantism
http://ift.tt/2DNru5i
Submitted January 19, 2018 at 12:14AM by DEAF-LAMONT
via reddit http://ift.tt/2mT1A93
Idgconnect
US ‘hacking back’ law could create a cyber wild west of vigilantism | IDG Connect
Security experts give their views on the Active Cyber Defense Certainty Act.
Windows 10's "Controlled Folder Access" Anti-Ransomware Feature Is Now Live
http://ift.tt/2xZDDQt
Submitted January 19, 2018 at 01:56AM by speckz
via reddit http://ift.tt/2mUvE4t
BleepingComputer
Windows 10's "Controlled Folder Access" Anti-Ransomware Feature Is Now Live
With the release of Windows 10 Fall Creators Update last week, the "Controlled Folder Access" that Microsoft touted in June is now live for millions of users.
Is it possible to hack NFL headset comms?
With the Super Bowl coming up I wonder how difficult it would be for one team to listen in on the communication on the other team’s wireless headsets. They always cover their mouth now to protect against lip readers. So perhaps teams are trying other methods.
Submitted January 19, 2018 at 02:35AM by laserpistols
via reddit http://ift.tt/2mOhRLH
Linux heap exploitation intro series - (bonus) printf might be leaking!
http://ift.tt/2mT7uqZ
Submitted January 19, 2018 at 02:23AM by symeon
via reddit http://ift.tt/2DjPs7d
Sensepost
SensePost | Linux heap exploitation intro series – (bonus) printf might be leaking!
Leaders in Information Security
A Review of the 'Hands on Hacking' workshop by Hacker House
http://ift.tt/2EV4jW5
Submitted January 19, 2018 at 02:07AM by mathmare
via reddit http://ift.tt/2FS1uXj
gaussian.horse
Alexander Ahmann::Hacker House: A Very Short Introduction to Hacking*
On the 12th of December, I attended a four day workshop called Hands on Hacking that was being offered by one of Britain’s top information security companies...
Are Skyfall and Solace vulnerabilities a hoax?
http://ift.tt/2mOnUQw
Submitted January 19, 2018 at 04:06PM by jormaggio
via reddit http://ift.tt/2Ds7oAL
Practical advice to minimise risk after Meltdown/Spectre
http://ift.tt/2FURDAb
Submitted January 19, 2018 at 07:02PM by LiamBigDataDonoghue
via reddit http://ift.tt/2BeGE0w
IT Recruitment Agency
Practical advice to minimise risk after Meltdown/Spectre - IT Recruitment Agency
Meltdown and Spectre are hardware bugs that allow malicious programs to steal data from the memory of other programs, putting a wide variety of sensitive information at risk.
Nessus Scan Data Visualization in Maltego
http://ift.tt/2rneZLm
Submitted January 19, 2018 at 06:54PM by securifera
via reddit http://ift.tt/2mV8qek
Securifera
Nessus => Maltego – Securifera
Overview
Visualizing, organizing, and processing information on large networks can be a difficult task. Often I find myself being given incomplete data or large amounts of scan results that can take forever to analyze. Recently I was handed a large collection…
Research on Misconfigured Jenkins Servers - emtunc's Blog
http://ift.tt/2EXA5BM
Submitted January 19, 2018 at 07:41PM by emtunc
via reddit http://ift.tt/2DwWdWE
emtunc's Blog
My Research on Misconfigured Jenkins Servers - emtunc's Blog
Late last year I decided to see how many misconfigured CI/CD (continuous integration and deployment) installations I could find on the internet. I decided to focus my research on one of the most popular CI/CD applications – Jenkins. This article isn’t an…
Automating VMware RPC Request Sniffing: ZDI researcher details how he wrote a script to sniff RPC requests from VMware guest-to-host communications – a capability beneficial in writing VMware RPC exploits.
http://ift.tt/2rp5mfc
Submitted January 19, 2018 at 08:41PM by RedmondSecGnome
via reddit http://ift.tt/2FRKq3z
Zero Day Initiative
Automating VMware RPC Request Sniffing
Last year, my colleagues and I spoke about different VMware topics at various conferences. One of the topics we covered was RPC tooling, as we detailed writing tools to interact with the RPC interface. We also briefly discussed how to sniff the RPC requests…
Secure Contexts Everywhere
http://ift.tt/2FDrGVr
Submitted January 19, 2018 at 08:28PM by speckz
via reddit http://ift.tt/2mPWGco
Mozilla Security Blog
Secure Contexts Everywhere
Since Let’s Encrypt launched, the Secure Contexts specification has become much more mature. We have witnessed the successful restriction of existing, as well as new ...
On the physical security side, do real security cameras ever have blinking lights?
I've noticed a fair number of fake security cameras and they seem like they could be somewhat effective (better than nothing anyway), but the blinking lights bother me. Isn't that a dead giveaway that they're fake?
Submitted January 19, 2018 at 07:54PM by suddenly_ponies
via reddit http://ift.tt/2Ds12Sd
Security In 5: Episode 156 - Tools, Tips and Tricks - Exploit Database
http://ift.tt/2DoNV3P
Submitted January 19, 2018 at 07:31PM by BinaryBlog
via reddit http://ift.tt/2mQjHfg
Libsyn
Security In Five Podcast: Episode 156 - Tools, Tips and Tricks - Exploit Database
Every day we hear about a new vulnerability, a new flaw, a series of critical patches we need to apply. How do we keep it all straight? The Exploit Database is how. This episode goes into what the Exploit Database is and why you should have it in your bookmarks…
How Slack Stays Secure During Hyper Growth
http://ift.tt/2EWjONK
Submitted January 20, 2018 at 12:11AM by MaliaPowers
via reddit http://ift.tt/2DQCtLy
Heavybit
The Secure Developer
In the latest episode of The Secure Developer, Guy is joined by Geoff Belknap, Chief Security Officer at Slack. Geoff discusses what drew him into security and reveals why it's critical for security teams to be recognized as a full-fledged member of engineering.…
DarkComet upload vulnerability
http://ift.tt/2DxNl3n
Submitted January 20, 2018 at 01:44AM by JustThisNietzscheGuy
via reddit http://ift.tt/2EVwjcd
pseudolaboratories.github.io
DarkComet upload vulnerability
This post will introduce a file upload vulnerability in DarkComet’s C&C server. While a flaw that allows an attacker to download files has already been known for many years there is no mention of this very similar vulnerability.
A quick disclaimer before…
Security Orchestration for Endpoint Security: Use Cases
http://ift.tt/2DmxkcT
Submitted January 20, 2018 at 04:15AM by abhishekiyer
via reddit http://ift.tt/2DS6U3Y
Demisto
Security Orchestration for Endpoint Security: Carbon Black and Demisto
Learn how to leverage Demisto’s security orchestration with Carbon Black products to coordinate endpoint security, control, and response from one console.
OnePlus got pwned, exposed up to 40,000 users to credit card fraud | A malicious script injected into OnePlus' payment page went undiscovered for two months.
http://ift.tt/2mTdFeI
Submitted January 20, 2018 at 11:56AM by RandomCollection
via reddit http://ift.tt/2mROqIG
Ars Technica
OnePlus got pwned, exposed up to 40,000 users to credit card fraud
A malicious script injected into OnePlus' payment page went undiscovered for two months.
British teen gained access to US intelligence operations by pretending to be CIA head
http://ift.tt/2EZyNXf
Submitted January 20, 2018 at 03:54PM by Bastet1
via reddit http://ift.tt/2Bg0RTW
Express.co.uk
British teen gained access to US intelligence operations by pretending to be CIA head
A BRITISH teenager is to be sentenced at the Old Bailey after he gained access to plans for intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA, it has been reported.