Developers + GDPR/PCI question
Does anyone know if PCI or GDPR policy restricts app developers from having access to customers' data? (e.g. some basic, some sensitive, such as the last 4 digits of a card number). I've been told yes, but I don't believe that's reasonable. Fixing certain bugs seems impossible without setting the state of the data.
Submitted January 25, 2018 at 10:27PM by craigtaub
via reddit http://ift.tt/2naAY2F
How Secure Is Your Data When It's Stored in the Cloud?
http://ift.tt/2DyfV0Z
Submitted January 26, 2018 at 12:04AM by robert_brooks
via reddit http://ift.tt/2E7RloL
Scientific American
As cloud storage becomes more common, data security is an increasing concern
High Risk Vulnerabilities within the DoD from Coldfusion, Dotnet Nuke, Oracle, and more
http://ift.tt/2DD4VUi
Submitted January 26, 2018 at 12:18AM by alyssathegryphon
via reddit http://ift.tt/2Gh43m0
Medium
Exploiting Electron RCE in Exodus wallet
http://ift.tt/2nd2FrN
Submitted January 26, 2018 at 02:09AM by JE_SHORT
via reddit http://ift.tt/2GjZwPB
Medium
While browsing Twitter I’ve noticed ElectronJS remote code execution vulnerability in protocol handler. That sounds severe. As stated in…
10 Solid Tips to Increase and Optimize IIS Performance for 2018. Covers ASP.Net, WordPress, ColdFusion and SharePoint
http://ift.tt/2DMgoQt
Submitted January 26, 2018 at 01:44AM by BitsAndScrews
via reddit http://ift.tt/2FhYItp
Bits & Screws Tech Community
Here are 10 solid performance optimization tips to speed up IIS web sites Internet Information Service. IIS Version 5.1 to IIS Version 10
Microsoft releases updated VS compiler for Spectre V2. Let the builds begin. GCC backports to v7
http://ift.tt/2DKCVNU
Submitted January 26, 2018 at 02:02AM by kn1ght
via reddit http://ift.tt/2FdFjcX
VS.Modern
Visual Studio 2017 15.5 Release Notes
Release notes for the latest features and improvements in Visual Studio 2017. Plan better, code together and ship faster with Visual Studio.
3 Questions About CYBERTACOS You Know You Want To Ask
http://ift.tt/2DLDDdC
Submitted January 26, 2018 at 12:29AM by Uminekoshi
via reddit http://ift.tt/2nceOOn
Nehemiah Security
3 questions about CYBERTACOS you always wanted to get answers to.
Bastion Hopping With SSH And ScaleFT
http://ift.tt/2FfsUFB
Submitted January 26, 2018 at 12:15AM by alexdebrie
via reddit http://ift.tt/2BuxE7K
ScaleFT
One of our values at ScaleFT is to do our best to support our users where they are, with the decisions and tools they’ve already selected. This means treating SSH bastions as an SSH feature, parameterizing and centralizing the associated configurations, and…
Moar ASUS router vulns
http://ift.tt/2DFljDR
Submitted January 26, 2018 at 02:18AM by aetsu
via reddit http://ift.tt/2nb42Hq
Security Art Work
Some vulnerability in ASUS routers - Security Art Work
A few months ago, I changed my old TP-LINK router to an ASUS. Since it is the de facto manufacturer recommended by my ISP, in order to avoid any complications that could lead to delays in getting my Internet up and running I decided to go with it. Then comes…
NetBSD kernel wscons IOCTL vulnerable bug class
http://ift.tt/2DMVD7D
Submitted January 26, 2018 at 02:16AM by ffyns
via reddit http://ift.tt/2DFvIzu
blog.infosectcbr.com.au
Dr Silvio Cesare In this blog post I discuss a vulnerable bug class that exists in the NetBSD kernel based on an incorrect coding style...
I've searched the news and haven't found any mention of this, so I came to Reddit
My role: Like most of you I don't have any official spokesperson role for my company so I'm going to keep their name out of this. I have a small role in security validation. I write software tools that decompile and deconstruct thousands of other tools and libraries in order to manually ensure compliance (proper compiler flags, which libraries are included, that certain libraries never get included, etc...).

Recently (since the start of the new year) I am aware of multiple governments getting detailed tours of our validation process. This has resulted in us getting a great deal more enforcement power to push developers and product managers to actually act on our alerts and warnings.

Any given tool usually has between 10 and 15 minor to moderate CVEs associated with any given release, but getting anyone responsible to take these vulnerabilities seriously (act on anything) has always been a bit challenging. This seems to be getting pressure from the top (outside pressure) to change.

My question is: are any of you aware of what is driving this?

Sure, I can speculate as well as anyone else, but hard facts are a bit harder to come by. This seems to be pretty big, but I haven't seen any coverage on it.

Rumors include pseudo-official word of large incentives, world funding shifts, additional contracts (or contracts being threatened by) proper enforcement, etc...
Submitted January 26, 2018 at 02:45AM by skyleach
via reddit http://ift.tt/2DKXD06
Exploiting Custom Template Engines
http://ift.tt/2DKjgxz
Submitted January 26, 2018 at 02:48AM by fang0654
via reddit http://ift.tt/2naJ8sW
Depthsecurity
When performing an application assessment one of the areas within an app I pay particular attention to is any ability to define custom templates.
Stack Based Buffer Overflows on x64 (Windows)
http://ift.tt/2DDnCHf
Submitted January 26, 2018 at 01:15AM by Vasile4444
via reddit http://ift.tt/2DAUvAz
Nytro Security
The previous two blog posts describe how a Stack Based Buffer Overflow vulnerability works on x86 (32 bits) Windows. In the first part, you can find a short introduction to x86 Assembly and how the…
Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1
https://www.youtube.com/watch?v=HfSQlC76_s4
Submitted January 24, 2018 at 06:11PM by fireh7nter
via reddit http://ift.tt/2E9jMmp
YouTube
Open Analysis Live! We use IDA Pro and Python scripts to remove obfuscated code and statically unpack malware. This is Part 1 of a two-part subscriber request asking us to determine why this malware would not run in their sandbox. In Part 1 we use Python…
Free course of ethical hacking, basic to advanced 2018!
http://ift.tt/2rIjvEe
Submitted January 26, 2018 at 06:01AM by gburu
via reddit http://ift.tt/2GgU8wF
en.gburu.net
Free Ethical Hacking course, you will learn everything you need to perform your own security audits and be a good ethical hacker, from novice to expert.
Unknown log in attempts on Tillys.com — should I be concerned?
Today, I got this email from customerservice@tillys.com:

Hi [my name], Your account has been temporarily locked because the maximum number of invalid logins has been exceeded. Please try logging in again later. If you feel you have received this email in error, please contact customer service. This is an automatically generated email, please do not reply.

I was quite scared by this, because I've never had such emails sent to me before. So I wanted to see if anyone else had this issue; if Tilly's were recently compromised or something.

So I looked up the email content with quotation marks on Google, and I got a very fishy result. The only website I could find with this exact text is the website of a New Zealand clothing brand, icebreaker. This seemed strange, but I assumed that maybe they used the same template or something for their security system, so it's plausible they have the same message. (I have no idea how programming works. Is this a plausible idea?)

Then, I sent an email to Tillys support that I have been alarmed about unknown log in attempts to my account, so I would like to know the location where the log in attempts came from and what the attempts were. After the support mail was sent, I went to log in to my account, which I honestly don't even remember making. I searched Tillys.com in my Gmail search, but there weren't any of those "Thanks for joining Tillys.com!" type of mail in the past.

So in case my computer is exposed to a keylogger, I pressed forgot password to reset the password, without making any real attempts to log in, and changed my Tillys.com password to something completely unusual; a combination of words and numbers that I never used as a password before. When I logged in, I found more weird things.

I was signed up for email updates, despite the fact that, as I mentioned, I have not received any emails from Tilly's before. I looked for it in every inbox. Nothing is there. It is signed up with my real name and my birthdate, but the gender is wrong and the shipping address is a non-existent address. (Random numbers and null city, etc.)

I ran a Windows Defender test and found a Trojan virus, and deleted it immediately. I pirate through torrents from time to time, but very rarely, and my last download was quite a while ago.

This is some weird fishy shit. I'm scared that this is all a set-up by a hacker to access my account. I will wait for their tech support team to reply, but I would like to know if any of this is significant; something to worry about. Thank you guys in advance.
Submitted January 26, 2018 at 08:29AM by myheartsaysyesindeed
via reddit http://ift.tt/2BsvSUS
IDS x series alarm system
Error: Version No. 2.02 busy. Will not arm the alarm because of this error.
Submitted January 26, 2018 at 02:22PM by Gtex555
via reddit http://ift.tt/2DEhFWs
Amazing Incident Response 45K PCs and 4K Servers in 10 days
http://ift.tt/2nf36ll
Submitted January 26, 2018 at 03:27PM by akapranos
via reddit http://ift.tt/2DGEqxq
Debugging Android third-party Java apps with native methods
http://ift.tt/2Ea7c6g
Submitted January 26, 2018 at 03:10PM by xaocuc
via reddit http://ift.tt/2DA2kq3
Why IP-based rules are bad, but we still use it
http://ift.tt/2ncAs51
Submitted January 26, 2018 at 04:22PM by jpkroehling
via reddit http://ift.tt/2Bv0yVv
Medium
One of the first decisions when architecting a Web Application Firewall is whether or not to add blacklists based on IP addresses. Even…
How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME
http://ift.tt/2BwkAyI
Submitted January 26, 2018 at 06:26PM by alexlash
via reddit http://ift.tt/2Gix5Sb
Ptsecurity
At the recent Black Hat Europe conference, Positive Technologies researchers Mark Ermolov and Maxim Goryachy spoke about the vulnerability ...