Cybersecurity Podcast Ep 4 - Cyber-Awareness Landscape
http://ift.tt/2rC3Nun
Submitted January 24, 2018 at 06:49PM by Uminekoshi
via reddit http://ift.tt/2GcJhDS
http://ift.tt/2rC3Nun
Submitted January 24, 2018 at 06:49PM by Uminekoshi
via reddit http://ift.tt/2GcJhDS
SoundCloud
Episode 4 - Cyber-Awareness: Then, Now and the Future
In this CyberTangent episode, we are joined by our very own, Mike Alexiou, CISO at Nehemiah Security. Our podcast host is Landon Johnson.
Today's topic is "Cyber-Awareness: Then, Now and the Future."
Today's topic is "Cyber-Awareness: Then, Now and the Future."
Hide ‘n Seek - new IoT botnet growing fast. Uses a custom made P2P protocol for C&C and web exploits as well as telnet for compromising its victims.
http://ift.tt/2Dx7KlD
Submitted January 24, 2018 at 06:54PM by jaymzu
via reddit http://ift.tt/2n7adwX
http://ift.tt/2Dx7KlD
Submitted January 24, 2018 at 06:54PM by jaymzu
via reddit http://ift.tt/2n7adwX
Bitdefender Labs
New Hide ‘N Seek IoT Botnet using custom-built Peer-to-Peer...
Bitdefender researchers have uncovered an emerging botnet that uses advanced communication techniques to exploit victims and build its infrastructure. The bot, dubbed HNS, was intercepted by our...
Security In 5: Episode 159 - If You Have A USB Drive Connected To Your Home Router, You Need This Episode
http://ift.tt/2F6nIUo
Submitted January 24, 2018 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2DHxfE2
http://ift.tt/2F6nIUo
Submitted January 24, 2018 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2DHxfE2
Libsyn
Security In Five Podcast: Episode 159 - If You Have A USB Drive Connected To Your Home Router, You Need This Episode
The latest generation of home routers make it very easy to connect large USB hard drives for centralized file backups and sharing. The episode tells a story of how dangerous that is if you aren't looking out for certain things. You may be unknowingly allowing…
The Basic Online Security Guide For Cryptocurrency Baby Boomers
http://ift.tt/2DACNRz
Submitted January 24, 2018 at 08:32PM by coinsutra
via reddit http://ift.tt/2n9kOXl
http://ift.tt/2DACNRz
Submitted January 24, 2018 at 08:32PM by coinsutra
via reddit http://ift.tt/2n9kOXl
CoinSutra - Bitcoin Community
The Basic Online Security Guide For Cryptocurrency Baby Boomers
The one question I keep hearing over and over again irrespective of gatherings as small as casual meet ups over coffee or as large as weddings – Have you Invested in Bitcoin yet? It doesn’t just stop there. Cryptocurrencies like Ripple, Ethereum and Litecoin…
why are all security courses focuses on tools?!?
I've not taken 1 course via Cybrary, Pluralsight etc related to security that has taught anything valuable. they all teach about Owasp 10 and some basic networking then just straight into tools for enumeration, sqli, blah blah. Is there any good resource out there that might teach you to manually find vulns or writing your own tools. I'm talking a full fledged beginner to security engineer course or is this just a dream?
Submitted January 24, 2018 at 08:38PM by osonkr
via reddit http://ift.tt/2E7RKry
I've not taken 1 course via Cybrary, Pluralsight etc related to security that has taught anything valuable. they all teach about Owasp 10 and some basic networking then just straight into tools for enumeration, sqli, blah blah. Is there any good resource out there that might teach you to manually find vulns or writing your own tools. I'm talking a full fledged beginner to security engineer course or is this just a dream?
Submitted January 24, 2018 at 08:38PM by osonkr
via reddit http://ift.tt/2E7RKry
reddit
why are all security courses focuses on tools?!? • r/security
I've not taken 1 course via Cybrary, Pluralsight etc related to security that has taught anything valuable. they all teach about Owasp 10 and some...
Request: Recommended Reading for Cloud Security
Hello /r/security. My company is gaining a footprint in cloud services for the rest time since our inception. Specifically, we are looking at Azure as an offsite DR replication point. I'm sure down the line we may expand into OWA, Office, and possibly some IaaS VMs. None of this will be public-facing. This is somewhat of a new realm for me as well since I hopped over to security from system administration.With that said, I would like to request any good reading you might know of or can recommend for ensuring that our cloud presence is properly secured. Thanks in advance!
Submitted January 24, 2018 at 09:56PM by Derbel__McDillet
via reddit http://ift.tt/2n8T0mO
Hello /r/security. My company is gaining a footprint in cloud services for the rest time since our inception. Specifically, we are looking at Azure as an offsite DR replication point. I'm sure down the line we may expand into OWA, Office, and possibly some IaaS VMs. None of this will be public-facing. This is somewhat of a new realm for me as well since I hopped over to security from system administration.With that said, I would like to request any good reading you might know of or can recommend for ensuring that our cloud presence is properly secured. Thanks in advance!
Submitted January 24, 2018 at 09:56PM by Derbel__McDillet
via reddit http://ift.tt/2n8T0mO
reddit
Request: Recommended Reading for Cloud Security • r/security
Hello /r/security. My company is gaining a footprint in cloud services for the rest time since our inception. Specifically, we are looking at...
Rapid Ransomware Continues Encrypting New Files as they Are Created
http://ift.tt/2G9bM5D
Submitted January 24, 2018 at 09:25PM by DJRWolf
via reddit http://ift.tt/2E4C2gJ
http://ift.tt/2G9bM5D
Submitted January 24, 2018 at 09:25PM by DJRWolf
via reddit http://ift.tt/2E4C2gJ
BleepingComputer
Rapid Ransomware Continues Encrypting New Files as they Are Created
A new ransomware is being spread called Rapid Ransomware that stays active after initially encrypting a computer and encrypts any new files that are created. While this behavior is not unique to Rapid, it is not a common behavior we see too often.
Weird Machines, Exploitability, Non-Exploitability slides by Halvar's Flake
http://ift.tt/2Gg1PDh
Submitted January 24, 2018 at 10:08PM by alain_proviste
via reddit http://ift.tt/2BsOfsQ
http://ift.tt/2Gg1PDh
Submitted January 24, 2018 at 10:08PM by alain_proviste
via reddit http://ift.tt/2BsOfsQ
Google Docs
Public copy of Weird Machines, Exploitability, Non-Exploitability
Weird Machines, Exploitability, and provable non-exploitability Understanding the nature of “exploits” Thomas Dullien Google Project Zero halvar@google.com
SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities
http://ift.tt/2n6tizw
Submitted January 24, 2018 at 10:06PM by petermal67
via reddit http://ift.tt/2n8KLY9
http://ift.tt/2n6tizw
Submitted January 24, 2018 at 10:06PM by petermal67
via reddit http://ift.tt/2n8KLY9
Chrome Plugin you suggest to test: Vulners Web Vulnerability Scanner v2. Scan as you browse.
http://ift.tt/2n9vMw1
Submitted January 24, 2018 at 11:05PM by isox_xx
via reddit http://ift.tt/2DER5R6
http://ift.tt/2n9vMw1
Submitted January 24, 2018 at 11:05PM by isox_xx
via reddit http://ift.tt/2DER5R6
Alexander V. Leonov
Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0
Vulners Team released today the second version of their Web Vulnerability Scanning plugin for Google Chrome browser. My denoscription of the version 1.0 you can see at Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome. Killing feature…
How long is your window of security vulnerability?
http://ift.tt/2G1VKKJ
Submitted January 24, 2018 at 10:56PM by CrankyBear
via reddit http://ift.tt/2n9vOE9
http://ift.tt/2G1VKKJ
Submitted January 24, 2018 at 10:56PM by CrankyBear
via reddit http://ift.tt/2n9vOE9
Rails Paperclip gem SSRF vulnerability CVE-2017-0889
http://ift.tt/2n7lDkl
Submitted January 24, 2018 at 08:13PM by gutron
via reddit http://ift.tt/2Bs2cam
http://ift.tt/2n7lDkl
Submitted January 24, 2018 at 08:13PM by gutron
via reddit http://ift.tt/2Bs2cam
Medium
All about Paperclip’s CVE-2017–0889 Server Side Request Forgery (SSRF) vulnerability
Discusses the high risk Server Side Request Forgery vulnerability (CVE-2017–0889) in the Paperclip gem. This issue is un-patched and insufficient information about the impact has been released
Industry Best Practice for IoT Security (PDF)
http://ift.tt/2mGM0gU
Submitted January 25, 2018 at 02:09AM by kovexal
via reddit http://ift.tt/2DASCb4
http://ift.tt/2mGM0gU
Submitted January 25, 2018 at 02:09AM by kovexal
via reddit http://ift.tt/2DASCb4
IoT-Architect.de
Baseline Security Recommendations for IoT
Want to know what industrial professionals see as a baseline in IoT security? ENISA published a document full of analysis, best practices and expert insights.
Hackers Can Locate And Remotely Control Your Smart Sex Toys
http://ift.tt/2xq36a0
Submitted January 25, 2018 at 01:50AM by robert_brooks
via reddit http://ift.tt/2DASCrA
http://ift.tt/2xq36a0
Submitted January 25, 2018 at 01:50AM by robert_brooks
via reddit http://ift.tt/2DASCrA
IFLScience
Hackers Can Locate And Remotely Control Your Smart Sex Toys
Bluetooth-connected sex toys – what could possibly go wrong? Some cybersecurity experts decided to find out.
Computer nerds from the Pen Test Partners sec
Computer nerds from the Pen Test Partners sec
Hawaii's Forgetful Governor Proves Why You Really Need A Password Management Program
http://ift.tt/2E2gJMM
Submitted January 25, 2018 at 03:05AM by antdude
via reddit http://ift.tt/2rAV7Ex
http://ift.tt/2E2gJMM
Submitted January 25, 2018 at 03:05AM by antdude
via reddit http://ift.tt/2rAV7Ex
Forbes
Hawaii's Forgetful Governor Proves Why You Really Need A Password Management Program
After the government of Hawaii sent a warning to cellphones telling Hawaiians that they were about to be hit by an ICBM, it took 38 minutes for the mistake to be corrected. Now we know why.
Gartner studies Security Orchestration, Automation, and Response in seminal research report
http://ift.tt/2Dvukv6
Submitted January 25, 2018 at 04:07AM by abhishekiyer
via reddit http://ift.tt/2n9BjCX
http://ift.tt/2Dvukv6
Submitted January 25, 2018 at 04:07AM by abhishekiyer
via reddit http://ift.tt/2n9BjCX
Demisto
Gartner brings SOAR to the fore in seminal research report
Explore highlights from Gartner's detailed SOAR research report and learn what functional components users should look from SOAR solutions going forward.
Anti-debug with VirtualAlloc’s write watch
http://ift.tt/2n9j9lm
Submitted January 25, 2018 at 04:53AM by gsuberland
via reddit http://ift.tt/2Br6ZZA
http://ift.tt/2n9j9lm
Submitted January 25, 2018 at 04:53AM by gsuberland
via reddit http://ift.tt/2Br6ZZA
codeinsecurity
Anti-debug with VirtualAlloc’s write watch
A lesser-known feature of the Windows memory manager is that it can maintain write watches on allocations for debugging and profiling purposes. Passing the MEM_WRITE_WATCH flag to VirtualAlloc R…
Microsoft Azure CSV Injection
http://ift.tt/2BqJb83
Submitted January 25, 2018 at 05:37AM by ThrowItInTheSoup
via reddit http://ift.tt/2DFB1P2
http://ift.tt/2BqJb83
Submitted January 25, 2018 at 05:37AM by ThrowItInTheSoup
via reddit http://ift.tt/2DFB1P2
Bsides NYC 2018 Videos
http://ift.tt/2GepWSY
Submitted January 25, 2018 at 06:30AM by epyonx
via reddit http://ift.tt/2rCK2mC
http://ift.tt/2GepWSY
Submitted January 25, 2018 at 06:30AM by epyonx
via reddit http://ift.tt/2rCK2mC
ISOC-NY NOTICE BOARD
#BSidesNYC 2018 Livestream
Link to here: Event Homepage – Schedule – Twitter: #BSidesNYC TRACK 1 Opening Remarks Dr. Richard Lovely Director of the John Jay College Digital Forensics & Cybersecurity Pr…
Boost.Beast security assessment technical report
http://ift.tt/2Bsf9Rg
Submitted January 25, 2018 at 07:25AM by ryanaraine
via reddit http://ift.tt/2n8PysC
http://ift.tt/2Bsf9Rg
Submitted January 25, 2018 at 07:25AM by ryanaraine
via reddit http://ift.tt/2n8PysC
Quora and you
Do you have a Quora (quora.com) account? Quora has acknowledged and claimed as a feature a very serious authentication(-less?) issue. You may have noticed that when you receive an email digest (possibly others), you appear to auto-login to the site. This might not seem unusual, although still questionable, and it has been brought up before. It logs you into a new session.What you may not realize is that if you forward those emails to someone, say you wanted to share an interesting article, the recipient of your forwarded email WILL be able to login as YOU. Quora says the auto-login link ability expires at some point, but the countdown only begins after the link is clicked initially. As for how long this countdown is, I can't say, but the deeper issue is that every account that I can tell is vulnerable, since an auto-login feature comes with all those emails. Initially I thought that it required a google account connected and it may, but now I am not sure. I alerted Quora who acknowledged the risk of forwarded email recipients being able to login as the original recipient and concluded it was an acceptable risk. I would not have typed this up without the bug report having been marked closed by quora.Full access to the users quora account is given, which means you can unlink trusted accounts and link your own twitter, facebook, google or linkedin, effectively hi-jacking the account completely. You can impersonate, edit and modify comments and articles, or just delete the account altogether. So next time you want to forward an article to a friend, or receive a forward, keep that in mind.
Submitted January 25, 2018 at 08:06AM by sman2428
via reddit http://ift.tt/2n9P45v
Do you have a Quora (quora.com) account? Quora has acknowledged and claimed as a feature a very serious authentication(-less?) issue. You may have noticed that when you receive an email digest (possibly others), you appear to auto-login to the site. This might not seem unusual, although still questionable, and it has been brought up before. It logs you into a new session.What you may not realize is that if you forward those emails to someone, say you wanted to share an interesting article, the recipient of your forwarded email WILL be able to login as YOU. Quora says the auto-login link ability expires at some point, but the countdown only begins after the link is clicked initially. As for how long this countdown is, I can't say, but the deeper issue is that every account that I can tell is vulnerable, since an auto-login feature comes with all those emails. Initially I thought that it required a google account connected and it may, but now I am not sure. I alerted Quora who acknowledged the risk of forwarded email recipients being able to login as the original recipient and concluded it was an acceptable risk. I would not have typed this up without the bug report having been marked closed by quora.Full access to the users quora account is given, which means you can unlink trusted accounts and link your own twitter, facebook, google or linkedin, effectively hi-jacking the account completely. You can impersonate, edit and modify comments and articles, or just delete the account altogether. So next time you want to forward an article to a friend, or receive a forward, keep that in mind.
Submitted January 25, 2018 at 08:06AM by sman2428
via reddit http://ift.tt/2n9P45v
reddit
Quora and you • r/security
Do you have a Quora (quora.com) account? Quora has acknowledged and claimed as a feature a very serious authentication(-less?) issue. You may have...