Tinder app doesn't use HTTPS
http://ift.tt/2BmIXi8
Submitted January 24, 2018 at 01:52AM by safjx
via reddit http://ift.tt/2F901ut
WIRED
Tinder's Lack of Encryption Lets Strangers Spy on Your Swipes
Thanks to Tinder's patchwork use of HTTPS, researchers found they could reconstruct someone's entire experience in the app.
Prepare for These Information Security Threats in 2018
http://ift.tt/2n6HCYJ
Submitted January 24, 2018 at 01:25AM by TransTechIT
via reddit http://ift.tt/2BnQ222
Blog
Prepare for These Information Security Threats in 2018 - Blog
Forecasts of information security threats suggest these trends will continue to menace enterprises throughout 2018. Here’s how to prepare for them.
Tinder mobile apps vulnerable to sniffing due to lack of TLS on image loads. Swipes can be inferred by TLS payload size.
http://ift.tt/2Dx6cIt
Submitted January 24, 2018 at 02:31AM by jdmulloy
via reddit http://ift.tt/2rAE8lI
Consumer Reports
Flaws in Tinder App Put Users' Privacy at Risk, Researchers Say
Due to security flaws in the Tinder app, security experts say Tinder isn’t doing enough to secure its popular dating app, and Consumer Reports says that puts users' privacy at risk.
Is a Cellular-Based Security System More Secure than WiFi or Bluetooth?
https://www.youtube.com/watch?v=SCxrdD12J_I
Submitted January 24, 2018 at 02:33AM by KaityNotes
via reddit http://ift.tt/2G8HzU5
YouTube
Why is cellular better than Wifi or Bluetooth?
PRE-ORDER NOW AT: https://igg.me/at/duo Hear why Duo uses a cellular modem and how it's better than wifi or bluetooth. Duo by Simtek is the ONLY portable, al...
Help! Outside security.
I live on my own and recently I've seen the same black car parked outside my drive three times this week. Earlier tonight my neighbor rang me scared because a man had walked down my drive and was looking over my fence. I'm really scared and looking for some home security. I know nothing about it and don't know what to buy. Any help or advice on what I should buy?
Submitted January 24, 2018 at 04:48AM by Splooofy
via reddit http://ift.tt/2DwuSRv
reddit
Help! Outside security. • r/security
I live on my own and recently I've seen the same black car parked outside my drive three times this week. Earlier tonight my neighbor rang me...
Getting Started in Information Security by Endgame
http://ift.tt/2G8qNV9
Submitted January 24, 2018 at 09:21AM by mathmare
via reddit http://ift.tt/2E2Cs7g
Endgame
Getting Started in Information Security
For many, entering the information security (infosec) industry is elusive and confusing, with mixed signals and conflicting information about what background or skills are required. The reality is that there is no single path into the industry. Despite the…
I was told yesterday at a university career fair that "nobody is looking for security"...
The man told me that "nobody is looking for information security candidates, but only developers." What would lead him to say something such as this? I found it to be absolutely ridiculous, and almost offensive to a kid who has already racked up $50k in debt pursuing this degree at a pretty good school.
Submitted January 24, 2018 at 09:42AM by ts23_
via reddit http://ift.tt/2n9zw1F
reddit
I was told yesterday at a university career fair that... • r/security
The man told me that "nobody is looking for information security candidates, but only developers." What would lead him to say something such as...
RCE vulnerability in Electron framework affects Skype, Signal, WordPress and Slack that run on Microsoft Windows
http://ift.tt/2rwjhQK
Submitted January 24, 2018 at 06:40PM by digital_desert
via reddit http://ift.tt/2DCycxH
Cybersecurity Podcast Ep 4 - Cyber-Awareness Landscape
http://ift.tt/2rC3Nun
Submitted January 24, 2018 at 06:49PM by Uminekoshi
via reddit http://ift.tt/2GcJhDS
SoundCloud
Episode 4 - Cyber-Awareness: Then, Now and the Future
In this CyberTangent episode, we are joined by our very own, Mike Alexiou, CISO at Nehemiah Security. Our podcast host is Landon Johnson.
Today's topic is "Cyber-Awareness: Then, Now and the Future."
Hide ‘n Seek - new IoT botnet growing fast. Uses a custom made P2P protocol for C&C and web exploits as well as telnet for compromising its victims.
http://ift.tt/2Dx7KlD
Submitted January 24, 2018 at 06:54PM by jaymzu
via reddit http://ift.tt/2n7adwX
Bitdefender Labs
New Hide ‘N Seek IoT Botnet using custom-built Peer-to-Peer...
Bitdefender researchers have uncovered an emerging botnet that uses advanced communication techniques to exploit victims and build its infrastructure. The bot, dubbed HNS, was intercepted by our...
Security In 5: Episode 159 - If You Have A USB Drive Connected To Your Home Router, You Need This Episode
http://ift.tt/2F6nIUo
Submitted January 24, 2018 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2DHxfE2
Libsyn
Security In Five Podcast: Episode 159 - If You Have A USB Drive Connected To Your Home Router, You Need This Episode
The latest generation of home routers make it very easy to connect large USB hard drives for centralized file backups and sharing. The episode tells a story of how dangerous that is if you aren't looking out for certain things. You may be unknowingly allowing…
The Basic Online Security Guide For Cryptocurrency Baby Boomers
http://ift.tt/2DACNRz
Submitted January 24, 2018 at 08:32PM by coinsutra
via reddit http://ift.tt/2n9kOXl
CoinSutra - Bitcoin Community
The Basic Online Security Guide For Cryptocurrency Baby Boomers
The one question I keep hearing over and over again irrespective of gatherings as small as casual meet ups over coffee or as large as weddings – Have you Invested in Bitcoin yet? It doesn’t just stop there. Cryptocurrencies like Ripple, Ethereum and Litecoin…
Why are all security courses focused on tools?!?
I've not taken 1 course via Cybrary, Pluralsight etc. related to security that has taught anything valuable. They all teach about OWASP 10 and some basic networking then just straight into tools for enumeration, SQLi, blah blah. Is there any good resource out there that might teach you to manually find vulns or write your own tools? I'm talking a full-fledged beginner to security engineer course or is this just a dream?
Submitted January 24, 2018 at 08:38PM by osonkr
via reddit http://ift.tt/2E7RKry
reddit
Why are all security courses focused on tools?!? • r/security
I've not taken 1 course via Cybrary, Pluralsight etc. related to security that has taught anything valuable. They all teach about OWASP 10 and some...
Request: Recommended Reading for Cloud Security
Hello /r/security. My company is gaining a footprint in cloud services for the first time since our inception. Specifically, we are looking at Azure as an offsite DR replication point. I'm sure down the line we may expand into OWA, Office, and possibly some IaaS VMs. None of this will be public-facing. This is somewhat of a new realm for me as well since I hopped over to security from system administration. With that said, I would like to request any good reading you might know of or can recommend for ensuring that our cloud presence is properly secured. Thanks in advance!
Submitted January 24, 2018 at 09:56PM by Derbel__McDillet
via reddit http://ift.tt/2n8T0mO
reddit
Request: Recommended Reading for Cloud Security • r/security
Hello /r/security. My company is gaining a footprint in cloud services for the first time since our inception. Specifically, we are looking at...
Rapid Ransomware Continues Encrypting New Files as they Are Created
http://ift.tt/2G9bM5D
Submitted January 24, 2018 at 09:25PM by DJRWolf
via reddit http://ift.tt/2E4C2gJ
BleepingComputer
Rapid Ransomware Continues Encrypting New Files as they Are Created
A new ransomware is being spread called Rapid Ransomware that stays active after initially encrypting a computer and encrypts any new files that are created. While this behavior is not unique to Rapid, it is not a common behavior we see too often.
Weird Machines, Exploitability, Non-Exploitability slides by Halvar Flake
http://ift.tt/2Gg1PDh
Submitted January 24, 2018 at 10:08PM by alain_proviste
via reddit http://ift.tt/2BsOfsQ
Google Docs
Public copy of Weird Machines, Exploitability, Non-Exploitability
Weird Machines, Exploitability, and provable non-exploitability Understanding the nature of “exploits” Thomas Dullien Google Project Zero halvar@google.com
SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities
http://ift.tt/2n6tizw
Submitted January 24, 2018 at 10:06PM by petermal67
via reddit http://ift.tt/2n8KLY9
Chrome Plugin you suggest to test: Vulners Web Vulnerability Scanner v2. Scan as you browse.
http://ift.tt/2n9vMw1
Submitted January 24, 2018 at 11:05PM by isox_xx
via reddit http://ift.tt/2DER5R6
Alexander V. Leonov
Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0
Vulners Team released today the second version of their Web Vulnerability Scanning plugin for Google Chrome browser. My description of the version 1.0 you can see at Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome. Killing feature…
How long is your window of security vulnerability?
http://ift.tt/2G1VKKJ
Submitted January 24, 2018 at 10:56PM by CrankyBear
via reddit http://ift.tt/2n9vOE9
Rails Paperclip gem SSRF vulnerability CVE-2017-0889
http://ift.tt/2n7lDkl
Submitted January 24, 2018 at 08:13PM by gutron
via reddit http://ift.tt/2Bs2cam
Medium
All about Paperclip’s CVE-2017–0889 Server Side Request Forgery (SSRF) vulnerability
Discusses the high risk Server Side Request Forgery vulnerability (CVE-2017–0889) in the Paperclip gem. This issue is un-patched and insufficient information about the impact has been released
Industry Best Practice for IoT Security (PDF)
http://ift.tt/2mGM0gU
Submitted January 25, 2018 at 02:09AM by kovexal
via reddit http://ift.tt/2DASCb4
IoT-Architect.de
Baseline Security Recommendations for IoT
Want to know what industrial professionals see as a baseline in IoT security? ENISA published a document full of analysis, best practices and expert insights.