3 Questions About CYBERTACOS You Know You Want To Ask
http://ift.tt/2DLDDdC

Submitted January 26, 2018 at 12:29AM by Uminekoshi
via reddit http://ift.tt/2nceOOn

Bastion Hopping With SSH And ScaleFT
http://ift.tt/2FfsUFB

Submitted January 26, 2018 at 12:15AM by alexdebrie
via reddit http://ift.tt/2BuxE7K

Moar ASUS router vulns
http://ift.tt/2DFljDR

Submitted January 26, 2018 at 02:18AM by aetsu
via reddit http://ift.tt/2nb42Hq

NetBSD kernel wscons IOCTL vulnerable bug class
http://ift.tt/2DMVD7D

Submitted January 26, 2018 at 02:16AM by ffyns
via reddit http://ift.tt/2DFvIzu

I've searched the news and haven't found any mention of this, so I came to Reddit
My role: Like most of you I don't have any official spokesperson role for my company so I'm going to keep their name out of this. I have a small role in security validation. I write software tools that decompile and deconstruct thousands of other tools and libraries in order to manually ensure compliance (proper compiler flags, which libraries are included, that certain libraries never get included, etc...)Recently (since the start of the new year) I am aware of multiple governments getting detailed tours of our validation process. This has resulted in us getting a great deal more enforcement power to push developers and product managers to actually act on our alerts and warnings.Any given tool usually has between 10 and 15 minor to moderate CVEs associated with any given release, but getting anyone responsible to take these vulnerabilities seriously (act on anything) has always been a bit challenging. This seems to be getting pressure from the top (outside pressure) to change.My question is: are any of you aware of what is driving this?Sure, I can speculate as well as anyone else, but hard facts are a bit harder to come by. This seems to be pretty big, but I haven't seen any coverage on it.Rumors include pseudo-official word of large incentives, world funding shifts, additional contracts (or contracts being threatened by) proper enforcement, etc...

Submitted January 26, 2018 at 02:45AM by skyleach
via reddit http://ift.tt/2DKXD06

Exploiting Custom Template Engines
http://ift.tt/2DKjgxz

Submitted January 26, 2018 at 02:48AM by fang0654
via reddit http://ift.tt/2naJ8sW

Stack Based Buffer Overflows on x64 (Windows)
http://ift.tt/2DDnCHf

Submitted January 26, 2018 at 01:15AM by Vasile4444
via reddit http://ift.tt/2DAUvAz

Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1
https://www.youtube.com/watch?v=HfSQlC76_s4

Submitted January 24, 2018 at 06:11PM by fireh7nter
via reddit http://ift.tt/2E9jMmp

Free course of ethical hacking, basic to advanced 2018!
http://ift.tt/2rIjvEe

Submitted January 26, 2018 at 06:01AM by gburu
via reddit http://ift.tt/2GgU8wF

Unknown log in attempts on Tillys.com — should I be concerned?
Today, I got this email from customerservice@tillys.com.Hi [my name], Your account has been temporarily locked because the maximum number of invalid logins has been exceeded.Please try logging in again later.If you feel you have received this email in error, please contact customer service.This is an automatically generated email, please do not reply.I was quite scared by this, because I've never had such emails sent to me before. So I wanted to see if anyone else had this issue; if Tilly's were recently compromised or something.So I looked up the email content with quotation mark on Google, and I got a very fishy result. Only website I could find with this exact text is from the website of a New Zealand clothing brand, icebreaker. This seemed strange, but I assumed that maybe they used a same template or something for their security system so it's plausible they have the same message. (I have no idea how programming works. Is this a plausible idea?)Then, I sent a email to tillys support that I have been alarmed about unknown log in attempts to my account, so I would like to know location of where the log in attempts came from and what the attempts were. After the support mail was sent, I went to log in to my account, which I honestly don't even remember making, to be honest. I searched Tillys.com on my gmail search engine, but there weren't any of those "Thanks for joining Tillys.com!" type of mail in the past.So in case that my computer is exposed to a keylogger, I pressed forgot password to reset the password, without making any real attempts to log in, and changed my Tillys.com password to something completely unusual; a combination of words and numbers that I never used as a password before. When I logged in, I found more weird things.I was signed up for email updates, despite the fact that as I mentioned, I have not received any emails from Tilly's before. I looked for it on every inbox. Nothing is there.It is signed up with my real name and my birthdate, but the gender is wrong and the shipping address is a non-exsistent address. (Random numbers and null city, etc.)I ran a Windows Defender test and found a Trojan virus, and deleted it immediately. I pirate through torrent time to time, but very rarely and my last download has been quite a while ago.This is some weird fishy shit. I'm scared that this is all a set-up by a hacker to access my account. I will wait for their techsupport team to reply, but I would like to know if any of this is significant; something to worry about. Thank you guys in advance.

Submitted January 26, 2018 at 08:29AM by myheartsaysyesindeed
via reddit http://ift.tt/2BsvSUS

IDS x series alarm system
Error: Version No. 2.02 busy. Will not arm the alarm because of this error.

Submitted January 26, 2018 at 02:22PM by Gtex555
via reddit http://ift.tt/2DEhFWs

Amazing Incident Response 45K PCs and 4K Servers in 10 days
http://ift.tt/2nf36ll

Submitted January 26, 2018 at 03:27PM by akapranos
via reddit http://ift.tt/2DGEqxq

Debugging Android third-party Java apps with native methods
http://ift.tt/2Ea7c6g

Submitted January 26, 2018 at 03:10PM by xaocuc
via reddit http://ift.tt/2DA2kq3

Why IP-based rules are bad, but we still use it
http://ift.tt/2ncAs51

Submitted January 26, 2018 at 04:22PM by jpkroehling
via reddit http://ift.tt/2Bv0yVv

How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME
http://ift.tt/2BwkAyI

Submitted January 26, 2018 at 06:26PM by alexlash
via reddit http://ift.tt/2Gix5Sb

Security In 5: Episode 161 - Tools, Tips and Tricks - Fileinfo.com
http://ift.tt/2BuwCZy

Submitted January 26, 2018 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2nhl73x

Universal Cross-site Scripting db
http://ift.tt/2BtIBqm

Submitted January 26, 2018 at 07:25PM by coldlinecall
via reddit http://ift.tt/2neFkGT

CloudFlair: Bypassing Cloudflare using Internet-wide scan data
http://ift.tt/2DrZB5a

Submitted January 26, 2018 at 08:23PM by speckz
via reddit http://ift.tt/2DGurrA

Elastic Stack as Intrusion detection system
Hey guys, Has anybody experience or sources about a intrusion detection system based on the elastic stack ? We have centralised logging systems of our Webserver. So maybe we can use Kibana in combination with the x-pack. They offer some attractive tools and features for setting up a ids. I’m currently researching the machine learning feature. Highly appreciate any input!

Submitted January 26, 2018 at 07:57PM by Asurax96
via reddit http://ift.tt/2EbciPP

Catching same subnet scanning
What is the best detection method to catch same subnet scanning?

Submitted January 26, 2018 at 09:06PM by housetops
via reddit http://ift.tt/2DBlxrm

Honey Buckets - A tool to find out who is snooping through your AWS S3 buckets
http://ift.tt/2n0s9Zl

Submitted January 26, 2018 at 11:00PM by graystevens
via reddit http://ift.tt/2DCOu6r