Bounty Monitor: Leverage certificate transparency logs to monitor for newly issued subdomains, participating in bug bounty programs
http://ift.tt/2nSJvHT
Submitted February 08, 2018 at 09:53PM by AlternativeWalrus
via reddit http://ift.tt/2nMcSww
http://ift.tt/2nSJvHT
Submitted February 08, 2018 at 09:53PM by AlternativeWalrus
via reddit http://ift.tt/2nMcSww
GitHub
nashcontrol/bounty-monitor
bounty-monitor - Leverage certificate transparency live feed to monitor for newly issued subdomain cerficates, for domains participating in bug bounty programs
3snake - Dumping plaintext credentials from sshd and sudo processes from memory on Linux servers
http://ift.tt/2nMkD5E
Submitted February 08, 2018 at 08:45PM by l0tan
via reddit http://ift.tt/2nLRgA6
http://ift.tt/2nMkD5E
Submitted February 08, 2018 at 08:45PM by l0tan
via reddit http://ift.tt/2nLRgA6
GitHub
blendin/3snake
3snake - Tool for extracting information from newly spawned processes
Inside North Korea’s Hacker Army
http://ift.tt/2BJppt2
Submitted February 08, 2018 at 10:08PM by agesdear
via reddit http://ift.tt/2FVHQJi
http://ift.tt/2BJppt2
Submitted February 08, 2018 at 10:08PM by agesdear
via reddit http://ift.tt/2FVHQJi
Bloomberg.com
Inside North Korea’s Hacker Army
The regime in Pyongyang has sent hundreds of programmers to other countries. Their mission: Make money by any means necessary.
Security or Development?
I am at a crossroads. I have been working in Development for a while, about half of that time on security sensitive components. I have a fascination with security so I've done PoCs and other security related research on my own, as well as contributing android device kernel cve fixes.Now I find myself forced to choose between continuing in Development on a more general level (I'm currently full stack, this will also let me play with app development); Or join a Security department that is blanket over the entire organization, and as such be part of policy crafting, enforcement, automated scanning tools, but in general not much Dev at all.Please advise.
Submitted February 08, 2018 at 10:52PM by kn1ght
via reddit http://ift.tt/2BNZpgr
I am at a crossroads. I have been working in Development for a while, about half of that time on security sensitive components. I have a fascination with security so I've done PoCs and other security related research on my own, as well as contributing android device kernel cve fixes.Now I find myself forced to choose between continuing in Development on a more general level (I'm currently full stack, this will also let me play with app development); Or join a Security department that is blanket over the entire organization, and as such be part of policy crafting, enforcement, automated scanning tools, but in general not much Dev at all.Please advise.
Submitted February 08, 2018 at 10:52PM by kn1ght
via reddit http://ift.tt/2BNZpgr
reddit
Security or Development? • r/security
I am at a crossroads. I have been working in Development for a while, about half of that time on security sensitive components. I have a...
Security Orchestration for Phishing Intelligence
http://ift.tt/2sfIDmn
Submitted February 08, 2018 at 10:37PM by abhishekiyer
via reddit http://ift.tt/2BKqkcZ
http://ift.tt/2sfIDmn
Submitted February 08, 2018 at 10:37PM by abhishekiyer
via reddit http://ift.tt/2BKqkcZ
Demisto
Security Orchestration for Phishing Intelligence: PhishMe and Demisto
Learn how users can combine phishing trends and context from PhishMe with security orchestration and case management from Demisto to improve response posture.
Weaponization of Nessus Plugins
http://ift.tt/2nMUTpL
Submitted February 08, 2018 at 11:16PM by fang0654
via reddit http://ift.tt/2nSbk3e
http://ift.tt/2nMUTpL
Submitted February 08, 2018 at 11:16PM by fang0654
via reddit http://ift.tt/2nSbk3e
Depth Security
Weaponization of Nessus Plugins
Walking through how to twist a Nessus plugin, meant to test only for the existence of an RCE vulnerability, into a weaponized exploit.
“Joom” safe to use?
My mother finded out about shoping app called Joom. She checked it out and find few nice things for REALY cheap price and is now concerned about it beeing some type of scam. Does anyone know if it is safe?
Submitted February 09, 2018 at 12:00AM by Mr3ap3r
via reddit http://ift.tt/2EvOZme
My mother finded out about shoping app called Joom. She checked it out and find few nice things for REALY cheap price and is now concerned about it beeing some type of scam. Does anyone know if it is safe?
Submitted February 09, 2018 at 12:00AM by Mr3ap3r
via reddit http://ift.tt/2EvOZme
reddit
“Joom” safe to use? • r/security
My mother finded out about shoping app called Joom. She checked it out and find few nice things for REALY cheap price and is now concerned about...
Intel Releases New Spectre Patch For Skylake-Based Processors Sans Nasty Reboot Bug
http://ift.tt/2FWTvax
Submitted February 09, 2018 at 12:12AM by DJRWolf
via reddit http://ift.tt/2GWn5OJ
http://ift.tt/2FWTvax
Submitted February 09, 2018 at 12:12AM by DJRWolf
via reddit http://ift.tt/2GWn5OJ
HotHardware
Intel Releases New Spectre Patch For Skylake-Based Processors Sans Nasty Reboot Bug | HotHardware
Intel is now an issuing a second "production" microcode update for "several" Skylake-platforms.
Introducing Red Baron - Automate the Creation of Resilient, Disposable, Secure, and Agile Infrastructure for Red Teams
http://ift.tt/2EwvY3r
Submitted February 09, 2018 at 02:40AM by coalfirelabs
via reddit http://ift.tt/2sd36YI
http://ift.tt/2EwvY3r
Submitted February 09, 2018 at 02:40AM by coalfirelabs
via reddit http://ift.tt/2sd36YI
Coalfire.com
Post
Coalfire Labs blog posts with opinions, findings and research from the technical testing of IT perspective.
Cyber security, telecommuting, natural disasters
Hi,Does anyone have any statistics or resources speaking to increased cyber attacks that coincide with natural disasters? For example, a company has to enact its Business Continuity Plan because of a massive snowstorm, and the whole office telecommutes for days from less secure home networks. Any trends or information/comments you could point me to or share would be very welcome. Thanks!
Submitted February 09, 2018 at 02:47AM by young_monet
via reddit http://ift.tt/2FYDLnJ
Hi,Does anyone have any statistics or resources speaking to increased cyber attacks that coincide with natural disasters? For example, a company has to enact its Business Continuity Plan because of a massive snowstorm, and the whole office telecommutes for days from less secure home networks. Any trends or information/comments you could point me to or share would be very welcome. Thanks!
Submitted February 09, 2018 at 02:47AM by young_monet
via reddit http://ift.tt/2FYDLnJ
reddit
Cyber security, telecommuting, natural disasters • r/security
Hi, Does anyone have any statistics or resources speaking to increased cyber attacks that coincide with natural disasters? For example, a company...
Sacramento Bee Leaks 19.5 Million California Voter Records, Promptly Compromised by Hackers
http://ift.tt/2ErR0Qn
Submitted February 09, 2018 at 02:35AM by austingwalters
via reddit http://ift.tt/2H1qiwo
http://ift.tt/2ErR0Qn
Submitted February 09, 2018 at 02:35AM by austingwalters
via reddit http://ift.tt/2H1qiwo
Gizmodo
Sacramento Bee Leaks 19.5 Million California Voter Records, Promptly Compromised by Hackers
Last month, a local California newspaper left more than 19 million voter records exposed online. Gizmodo confirmed this week that the records were compromised during an apparent ransomware attack.
Google has paid security researchers almost $12 million for bug bounties, $2.9 million in 2017 alone
http://ift.tt/2FWWSyl
Submitted February 09, 2018 at 02:07AM by speckz
via reddit http://ift.tt/2EPdRDi
http://ift.tt/2FWWSyl
Submitted February 09, 2018 at 02:07AM by speckz
via reddit http://ift.tt/2EPdRDi
VentureBeat
Google has paid security researchers almost $12 million for bug bounties, $2.9 million in 2017 alone
Google today announced it has paid out almost $12 million since launching its bug bounty program in November 2010. In the past year alone, the company paid 274 different security researchers $2.9 million, although the year before that it paid out over $3…
unfurl, An Entropy-Based Link Vulnerability Analysis Tool. Triages potentially vulnerable URLs from large-sample collections.
http://ift.tt/2GYBpGq
Submitted February 09, 2018 at 05:51AM by jalospinoso
via reddit http://ift.tt/2nXfbvI
http://ift.tt/2GYBpGq
Submitted February 09, 2018 at 05:51AM by jalospinoso
via reddit http://ift.tt/2nXfbvI
jlospinoso.github.io
unfurl, An Entropy-Based Link Vulnerability Analysis Tool
The Blog of Josh Lospinoso
From July Chrome 68 will mark all HTTP websites as not secure
http://ift.tt/2FYfpuc
Submitted February 09, 2018 at 08:57AM by mr__jigsaw
via reddit http://ift.tt/2GXgjZ3
http://ift.tt/2FYfpuc
Submitted February 09, 2018 at 08:57AM by mr__jigsaw
via reddit http://ift.tt/2GXgjZ3
Google Online Security Blog
A secure web is here to stay
Posted by Emily Schechter, Chrome Security Product Manager For the past several years, we’ve moved toward a more secure web by strongly adv...
ReelPhish: A Real-Time Two-Factor Phishing Tool
http://ift.tt/2nKpqEJ
Submitted February 08, 2018 at 08:49AM by giomke
via reddit http://ift.tt/2BOa2jc
http://ift.tt/2nKpqEJ
Submitted February 08, 2018 at 08:49AM by giomke
via reddit http://ift.tt/2BOa2jc
FireEye
ReelPhish: A Real-Time Two-Factor Phishing Tool « ReelPhish: A Real-Time Two-Factor Phishing Tool
To improve social engineering assessments, we developed a tool – named ReelPhish – that simplifies the real-time phishing technique.
Nissan Canada Finance Data Breach - Is this real?
Lot of customers getting letters in the mail regarding a data breach of customer data including credit scores, personal information.
Submitted February 09, 2018 at 10:07AM by CC4Red
via reddit http://ift.tt/2C5OAlz
Lot of customers getting letters in the mail regarding a data breach of customer data including credit scores, personal information.
Submitted February 09, 2018 at 10:07AM by CC4Red
via reddit http://ift.tt/2C5OAlz
reddit
Nissan Canada Finance Data Breach - Is this real? • r/security
Lot of customers getting letters in the mail regarding a data breach of customer data including credit scores, personal information.
Phishing catcher using Certstream
http://ift.tt/2hOTGLt
Submitted February 09, 2018 at 01:06PM by digicat
via reddit http://ift.tt/2Ef50hm
http://ift.tt/2hOTGLt
Submitted February 09, 2018 at 01:06PM by digicat
via reddit http://ift.tt/2Ef50hm
Just another infosec blog type of thing
Catching phishing before they catch you
Paypal phishing, paypal phishing everywhere
Cryptocurrency marketplaces hit by serious cyber attacks
http://ift.tt/2nW5zkS
Submitted February 09, 2018 at 05:11PM by imr2017
via reddit http://ift.tt/2so4UhY
http://ift.tt/2nW5zkS
Submitted February 09, 2018 at 05:11PM by imr2017
via reddit http://ift.tt/2so4UhY
http://www.v3.co.uk
Cryptocurrency marketplaces hit by serious cyber attacks | V3
Hackers are using bots and location spoofing tools to target crypto exchanges
Podcast: A Look Back at Cybersecurity with Graham Cluley
http://ift.tt/2EfoEJQ
Submitted February 09, 2018 at 06:22PM by Uminekoshi
via reddit http://ift.tt/2EgfSeU
http://ift.tt/2EfoEJQ
Submitted February 09, 2018 at 06:22PM by Uminekoshi
via reddit http://ift.tt/2EgfSeU
SoundCloud
Episode 5 - A Look Back at Cybersecurity with Graham Cluley
In this CyberTangent episode, we are joined by none other than Graham Cluley! Our podcast host is Landon Johnson.
Today's topic is "A Look Back at Cybersecurity with Graham Cluley." Let's jump in!
L
Today's topic is "A Look Back at Cybersecurity with Graham Cluley." Let's jump in!
L
Security In 5: Episode 171 - Tools, Tips and Tricks - bWapp, a very buggy web application
http://ift.tt/2H3jUVC
Submitted February 09, 2018 at 07:37PM by BinaryBlog
via reddit http://ift.tt/2G1i1aq
http://ift.tt/2H3jUVC
Submitted February 09, 2018 at 07:37PM by BinaryBlog
via reddit http://ift.tt/2G1i1aq
Libsyn
Security In Five Podcast: Episode 171 - Tools, Tips and Tricks - bWapp, a very buggy web application
This week's tools, tips and tricks episode talks about bWapp, a very buggy web application. bWapp is a fully functional web application you can download and install locally for security research, penetration testing, education and remediation exercises. If…