Request: Recommended Reading for Cloud Security
Hello /r/security. My company is gaining a footprint in cloud services for the first time since our inception. Specifically, we are looking at Azure as an offsite DR replication point. I'm sure down the line we may expand into OWA, Office, and possibly some IaaS VMs. None of this will be public-facing. This is somewhat of a new realm for me as well since I hopped over to security from system administration. With that said, I would like to request any good reading you might know of or can recommend for ensuring that our cloud presence is properly secured. Thanks in advance!
Submitted January 24, 2018 at 09:56PM by Derbel__McDillet
via reddit http://ift.tt/2n8T0mO
Rapid Ransomware Continues Encrypting New Files as they Are Created
http://ift.tt/2G9bM5D
Submitted January 24, 2018 at 09:25PM by DJRWolf
via reddit http://ift.tt/2E4C2gJ
BleepingComputer
A new ransomware is being spread called Rapid Ransomware that stays active after initially encrypting a computer and encrypts any new files that are created. While this behavior is not unique to Rapid, it is not a common behavior we see too often.
Weird Machines, Exploitability, Non-Exploitability slides by Halvar Flake
http://ift.tt/2Gg1PDh
Submitted January 24, 2018 at 10:08PM by alain_proviste
via reddit http://ift.tt/2BsOfsQ
Google Docs
Public copy of Weird Machines, Exploitability, Non-Exploitability
Weird Machines, Exploitability, and provable non-exploitability: Understanding the nature of “exploits”. Thomas Dullien, Google Project Zero, halvar@google.com
SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities
http://ift.tt/2n6tizw
Submitted January 24, 2018 at 10:06PM by petermal67
via reddit http://ift.tt/2n8KLY9
Chrome Plugin you suggest to test: Vulners Web Vulnerability Scanner v2. Scan as you browse.
http://ift.tt/2n9vMw1
Submitted January 24, 2018 at 11:05PM by isox_xx
via reddit http://ift.tt/2DER5R6
Alexander V. Leonov
Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0
Vulners Team released today the second version of their Web Vulnerability Scanning plugin for the Google Chrome browser. My description of version 1.0 can be found at Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome. Killing feature…
How long is your window of security vulnerability?
http://ift.tt/2G1VKKJ
Submitted January 24, 2018 at 10:56PM by CrankyBear
via reddit http://ift.tt/2n9vOE9
Rails Paperclip gem SSRF vulnerability CVE-2017-0889
http://ift.tt/2n7lDkl
Submitted January 24, 2018 at 08:13PM by gutron
via reddit http://ift.tt/2Bs2cam
Medium
All about Paperclip’s CVE-2017–0889 Server Side Request Forgery (SSRF) vulnerability
Discusses the high risk Server Side Request Forgery vulnerability (CVE-2017–0889) in the Paperclip gem. This issue is un-patched and insufficient information about the impact has been released
Industry Best Practice for IoT Security (PDF)
http://ift.tt/2mGM0gU
Submitted January 25, 2018 at 02:09AM by kovexal
via reddit http://ift.tt/2DASCb4
IoT-Architect.de
Baseline Security Recommendations for IoT
Want to know what industrial professionals see as a baseline in IoT security? ENISA published a document full of analysis, best practices and expert insights.
Hackers Can Locate And Remotely Control Your Smart Sex Toys
http://ift.tt/2xq36a0
Submitted January 25, 2018 at 01:50AM by robert_brooks
via reddit http://ift.tt/2DASCrA
IFLScience
Bluetooth-connected sex toys – what could possibly go wrong? Some cybersecurity experts decided to find out.
Computer nerds from the Pen Test Partners sec
Hawaii's Forgetful Governor Proves Why You Really Need A Password Management Program
http://ift.tt/2E2gJMM
Submitted January 25, 2018 at 03:05AM by antdude
via reddit http://ift.tt/2rAV7Ex
Forbes
After the government of Hawaii sent a warning to cellphones telling Hawaiians that they were about to be hit by an ICBM, it took 38 minutes for the mistake to be corrected. Now we know why.
Gartner studies Security Orchestration, Automation, and Response in seminal research report
http://ift.tt/2Dvukv6
Submitted January 25, 2018 at 04:07AM by abhishekiyer
via reddit http://ift.tt/2n9BjCX
Demisto
Gartner brings SOAR to the fore in seminal research report
Explore highlights from Gartner's detailed SOAR research report and learn what functional components users should look for in SOAR solutions going forward.
Anti-debug with VirtualAlloc’s write watch
http://ift.tt/2n9j9lm
Submitted January 25, 2018 at 04:53AM by gsuberland
via reddit http://ift.tt/2Br6ZZA
codeinsecurity
A lesser-known feature of the Windows memory manager is that it can maintain write watches on allocations for debugging and profiling purposes. Passing the MEM_WRITE_WATCH flag to VirtualAlloc R…
Microsoft Azure CSV Injection
http://ift.tt/2BqJb83
Submitted January 25, 2018 at 05:37AM by ThrowItInTheSoup
via reddit http://ift.tt/2DFB1P2
Bsides NYC 2018 Videos
http://ift.tt/2GepWSY
Submitted January 25, 2018 at 06:30AM by epyonx
via reddit http://ift.tt/2rCK2mC
ISOC-NY NOTICE BOARD
#BSidesNYC 2018 Livestream
Link to here: Event Homepage – Schedule – Twitter: #BSidesNYC TRACK 1 Opening Remarks Dr. Richard Lovely Director of the John Jay College Digital Forensics & Cybersecurity Pr…
Boost.Beast security assessment technical report
http://ift.tt/2Bsf9Rg
Submitted January 25, 2018 at 07:25AM by ryanaraine
via reddit http://ift.tt/2n8PysC
Quora and you
Do you have a Quora (quora.com) account? Quora has acknowledged and claimed as a feature a very serious authentication(-less?) issue. You may have noticed that when you receive an email digest (possibly others), you appear to auto-login to the site. This might not seem unusual, although still questionable, and it has been brought up before. It logs you into a new session. What you may not realize is that if you forward those emails to someone, say you wanted to share an interesting article, the recipient of your forwarded email WILL be able to login as YOU. Quora says the auto-login link ability expires at some point, but the countdown only begins after the link is clicked initially. As for how long this countdown is, I can't say, but the deeper issue is that every account that I can tell is vulnerable, since an auto-login feature comes with all those emails. Initially I thought that it required a Google account connected and it may, but now I am not sure. I alerted Quora, who acknowledged the risk of forwarded email recipients being able to login as the original recipient and concluded it was an acceptable risk. I would not have typed this up without the bug report having been marked closed by Quora. Full access to the user's Quora account is given, which means you can unlink trusted accounts and link your own Twitter, Facebook, Google or LinkedIn, effectively hijacking the account completely. You can impersonate, edit and modify comments and articles, or just delete the account altogether. So next time you want to forward an article to a friend, or receive a forward, keep that in mind.
Submitted January 25, 2018 at 08:06AM by sman2428
via reddit http://ift.tt/2n9P45v
What is a good security system to hide in my bedroom where I can track movement and record what someone is doing for a brief moment in time?
My step dad has been stealing money from me, and I know this for a fact, but he doesn't know that I know. I have set up traps in my room, and then the traps go off and he is the only one home. I need to get 100% concrete proof of it even though I'm 100% positive; I need it on video. I have been looking to get a pretty small camera of some sort that will record my room when I am gone and my mom is not home, which is rare, but if it does happen we are only gone an hour at a time, and that is when he does it. I need something that will ping my phone when movement occurs and maybe takes pictures or records it. Since he has taken several hundred from me, I'd prefer a recording device that isn't super expensive. Do you guys have any ideas? Thanks much!
Submitted January 25, 2018 at 09:23AM by ElvisDimera
via reddit http://ift.tt/2FcUiUw
Google's Chronicle
http://ift.tt/2n7QxZ6
Submitted January 25, 2018 at 01:34PM by micgob
via reddit http://ift.tt/2FfpKS9
Medium
Give Good the Advantage
Introducing Chronicle, a new Alphabet business dedicated to cybersecurity
Commercial Security Services at Tate Security Technology Ltd in UK
http://ift.tt/2Eb9sKR
Submitted January 25, 2018 at 03:46PM by TateSecurity
via reddit http://ift.tt/2DxIxHY
Tate Security Solutions
Tate Security Solutions (Abu Dhabi) UAE - Tate Security Solutions
Exploit Mitigation Techniques - Stack Canaries - Exploit Development
http://ift.tt/2rF6ueH
Submitted January 25, 2018 at 04:09PM by Jen0vah
via reddit http://ift.tt/2n6pC0I
ASUS routers LAN-side unauthenticated remote code execution
http://ift.tt/2BsEyKX
Submitted January 25, 2018 at 05:13PM by jose_boneh
via reddit http://ift.tt/2Fce4iR