Linux heap exploitation intro series - (bonus) printf might be leaking!
http://ift.tt/2mT7uqZ
Submitted January 19, 2018 at 02:23AM by symeon
via reddit http://ift.tt/2DjPs7d
Sensepost
SensePost | Linux heap exploitation intro series – (bonus) printf might be leaking!
Leaders in Information Security
A Review of the 'Hands on Hacking' workshop by Hacker House
http://ift.tt/2EV4jW5
Submitted January 19, 2018 at 02:07AM by mathmare
via reddit http://ift.tt/2FS1uXj
gaussian.horse
Alexander Ahmann::Hacker House: A Very Short Introduction to Hacking*
On the 12th of December, I attended a four day workshop called Hands on Hacking that was being offered by one of Britain’s top information security companies...
Are Skyfall and Solace vulnerabilities a hoax?
http://ift.tt/2mOnUQw
Submitted January 19, 2018 at 04:06PM by jormaggio
via reddit http://ift.tt/2Ds7oAL
reddit
Are Skyfall and Solace vulnerabilities a hoax? • r/security
1 points and 1 comments so far on reddit
Practical advice to minimise risk after Meltdown/Spectre
http://ift.tt/2FURDAb
Submitted January 19, 2018 at 07:02PM by LiamBigDataDonoghue
via reddit http://ift.tt/2BeGE0w
IT Recruitment Agency
Practical advice to minimise risk after Meltdown/Spectre - IT Recruitment Agency
Meltdown and Spectre are hardware bugs that allow malicious programs to steal data from the memory of other programs, putting a wide variety of sensitive information at risk.
Nessus Scan Data Visualization in Maltego
http://ift.tt/2rneZLm
Submitted January 19, 2018 at 06:54PM by securifera
via reddit http://ift.tt/2mV8qek
Securifera
Nessus => Maltego – Securifera
Overview
Visualizing, organizing, and processing information on large networks can be a difficult task. Often I find myself being given incomplete data or large amounts of scan results that can take forever to analyze. Recently I was handed a large collection…
Research on Misconfigured Jenkins Servers - emtunc's Blog
http://ift.tt/2EXA5BM
Submitted January 19, 2018 at 07:41PM by emtunc
via reddit http://ift.tt/2DwWdWE
emtunc's Blog
My Research on Misconfigured Jenkins Servers - emtunc's Blog
Late last year I decided to see how many misconfigured CI/CD (continuous integration and deployment) installations I could find on the internet. I decided to focus my research on one of the most popular CI/CD applications – Jenkins. This article isn’t an…
Automating VMware RPC Request Sniffing: ZDI researcher details how he wrote a script to sniff RPC requests from VMware guest-to-host communications – a capability beneficial in writing VMware RPC exploits.
http://ift.tt/2rp5mfc
Submitted January 19, 2018 at 08:41PM by RedmondSecGnome
via reddit http://ift.tt/2FRKq3z
Zero Day Initiative
Automating VMware RPC Request Sniffing
Last year, my colleagues and I spoke about different VMware topics at various conferences. One of the topics we covered was RPC tooling, as we detailed writing tools to interact with the RPC interface. We also briefly discussed how to sniff the RPC requests…
Secure Contexts Everywhere
http://ift.tt/2FDrGVr
Submitted January 19, 2018 at 08:28PM by speckz
via reddit http://ift.tt/2mPWGco
Mozilla Security Blog
Secure Contexts Everywhere
Since Let’s Encrypt launched, the Secure Contexts specification has become much more mature. We have witnessed the successful restriction of existing, as well as new ...
On the physical security side, do real security cameras ever have blinking lights?
I've noticed a fair number of fake security cameras and they seem like they could be somewhat effective (better than nothing anyway), but the blinking lights bother me. Isn't that a dead giveaway that they're fake?
Submitted January 19, 2018 at 07:54PM by suddenly_ponies
via reddit http://ift.tt/2Ds12Sd
reddit
On the physical security side, do real security... • r/security
I've noticed a fair number of fake security cameras and they seem like they could be somewhat effective (better than nothing anyway), but the...
Security In 5: Episode 156 - Tools, Tips and Tricks - Exploit Database
http://ift.tt/2DoNV3P
Submitted January 19, 2018 at 07:31PM by BinaryBlog
via reddit http://ift.tt/2mQjHfg
Libsyn
Security In Five Podcast: Episode 156 - Tools, Tips and Tricks - Exploit Database
Every day we hear about a new vulnerability, a new flaw, a series of critical patches we need to apply. How do we keep it all straight? The Exploit Database is how. This episode goes into what the Exploit Database is and why you should have it in your bookmarks…
How Slack Stays Secure During Hyper Growth
http://ift.tt/2EWjONK
Submitted January 20, 2018 at 12:11AM by MaliaPowers
via reddit http://ift.tt/2DQCtLy
Heavybit
The Secure Developer
In the latest episode of The Secure Developer, Guy is joined by Geoff Belknap, Chief Security Officer at Slack. Geoff discusses what drew him into security and reveals why it's critical for security teams to be recognized as a full-fledged member of engineering.…
DarkComet upload vulnerability
http://ift.tt/2DxNl3n
Submitted January 20, 2018 at 01:44AM by JustThisNietzscheGuy
via reddit http://ift.tt/2EVwjcd
pseudolaboratories.github.io
DarkComet upload vulnerability
This post will introduce a file upload vulnerability in DarkComet’s C&C server. While a flaw that allows an attacker to download files has already been known for many years there is no mention of this very similar vulnerability.
A quick disclaimer before…
Security Orchestration for Endpoint Security: Use Cases
http://ift.tt/2DmxkcT
Submitted January 20, 2018 at 04:15AM by abhishekiyer
via reddit http://ift.tt/2DS6U3Y
Demisto
Security Orchestration for Endpoint Security: Carbon Black and Demisto
Learn how to leverage Demisto’s security orchestration with Carbon Black products to coordinate endpoint security, control, and response from one console.
OnePlus got pwned, exposed up to 40,000 users to credit card fraud | A malicious script injected into OnePlus' payment page went undiscovered for two months.
http://ift.tt/2mTdFeI
Submitted January 20, 2018 at 11:56AM by RandomCollection
via reddit http://ift.tt/2mROqIG
Ars Technica
OnePlus got pwned, exposed up to 40,000 users to credit card fraud
A malicious script injected into OnePlus' payment page went undiscovered for two months.
British teen gained access to US intelligence operations by pretending to be CIA head
http://ift.tt/2EZyNXf
Submitted January 20, 2018 at 03:54PM by Bastet1
via reddit http://ift.tt/2Bg0RTW
Express.co.uk
British teen gained access to US intelligence operations by pretending to be CIA head
A BRITISH teenager is to be sentenced at the Old Bailey after he gained access to plans for intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA, it has been reported.
OnePlus website hacked - Credit Card Information of 40000 customers leaked
http://ift.tt/2G0kAKP
Submitted January 20, 2018 at 05:29PM by chieffrank
via reddit http://ift.tt/2DtQnq9
IB Computing
OnePlus website hacked - Credit Card Information of 40000 customers leaked - IB Computing
OnePlus website hacked! Mobile manufacturer company OnePlus has confirmed in a forum post that it's been a prey to a Credit Card Hack. The hackers were able to inject some malicious JavaScript code into the website's payment page to extract the credit card…
You can actually update your microcode even without a BIOS update.
Here is how you do it in Windows, and here is some Linux fun. And here is Intel's latest microcode. AMD's microcode you can obtain via this git repo.
Submitted January 20, 2018 at 08:06PM by kn1ght
via reddit http://ift.tt/2DRV7m3
Tenforums
How to update the CPU's microcode - Windows 10 Forums
Good Morning All, I came from Linux to Windows 10. After 14 years, got tired of the Linux desktop mess. The experience has been good. I've been on W10 since the beginning of the year. Under Linux, CPU
Collection of Books on Info Sec and Hacking
http://ift.tt/2mSDD0U
Submitted January 20, 2018 at 09:01PM by learnie
via reddit http://ift.tt/2DtKXLO
Dropbox
Info Sec & Hacking
Shared with Dropbox
Mobile Devices Compromised by Fake Secure Messaging Clients
http://ift.tt/2DpyiJP
Submitted January 20, 2018 at 10:30PM by 4f97749cdfb5dc076228
via reddit http://ift.tt/2Bhqx2i
Electronic Frontier Foundation
Related Issues
San Francisco – The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily…
IDOR leaks PII of Apple pre-order customers
http://ift.tt/2DSyxd6
Submitted January 21, 2018 at 02:17AM by hiilikecats
via reddit http://ift.tt/2Dmtwsn
not the same origin
Steps to Reproduce #1: Leaking PII of Apple pre-order customers
Hihi! N.B. Consent was received from Apple to disclose this bug. No data is disclosed in the article, and to respect privacy the courier's name is redacted. Today I'm writing about a very simple chain of bugs I found in the tracking site of the courier that…
Universal XSS vulnerability via Evernote Web Clipper extension
http://ift.tt/2mLDQ65
Submitted January 19, 2018 at 02:47PM by xpnsecurity
via reddit http://ift.tt/2rlnVAS
XPN InfoSec Blog
Universal XSS via Evernote WebClipper
During an evening of bug hunting, I found a cool issue in Evernote's WebClipper tool. The result was a Universal XSS vulnerability, which we will explore in this post.