IoT security is not about connected devices alone
http://ift.tt/2Cd6uTp
Submitted February 12, 2018 at 06:35PM by Iot_Security
via reddit http://ift.tt/2EmYZ20
SecuriThings
IoT security is not about connected devices alone
Once understood as devices connected to the internet, the very definition of IoT has expanded as new applications have emerged, and so have the corresponding IoT security solutions. Legend has it [...]
Ransomware: New free decryption key can save files locked with Cryakl | ZDNet
http://ift.tt/2EdDJvE
Submitted February 12, 2018 at 08:07PM by wlscr
via reddit http://ift.tt/2EDzyc4
ZDNet
Ransomware: New free decryption key can save files locked with Cryakl | ZDNet
The addition by the Belgian National Police and Kaspersky Lab brings the number of decryption tools on the No More Ransom portal up to 52.
Russian Nuclear Center engineers arrested for using supercomputers to mine cryptocurrency | ZDNet
http://ift.tt/2ChhqQ0
Submitted February 12, 2018 at 08:05PM by wlscr
via reddit http://ift.tt/2soElJv
ZDNet
Russian Nuclear Center engineers arrested for using supercomputers to mine cryptocurrency
The temptation to cash in on cryptocurrency may have been too much to resist.
Domain Theft Strands Thousands of Web Sites
http://ift.tt/2EmVjNU
Submitted February 12, 2018 at 08:03PM by volci
via reddit http://ift.tt/2EAVkNe
reddit
Domain Theft Strands Thousands of Web Sites • r/security
Cafaro's Ramblings » Building a Pen Testing Laptop from Scratch ( WCTF / CTF Laptop ) part 1
http://ift.tt/2ERU0mX
Submitted February 12, 2018 at 07:48PM by volci
via reddit http://ift.tt/2sp7pjZ
Some observations from the overall cyber happenings in 2017. What were your highlights?
http://ift.tt/2Cf7JBp
Submitted February 12, 2018 at 07:44PM by ded1cated
via reddit http://ift.tt/2EoxeGj
WebARX
Recap: Year 2017 Hacking Overview
… peek to data breaches, vulnerabilities and the front-lines of cyber war.
Security In 5: Episode 172 - Time To Let Adobe Flash Go, Uninstall It And Get It Out Of Your Life
http://ift.tt/2CfoD31
Submitted February 12, 2018 at 07:40PM by BinaryBlog
via reddit http://ift.tt/2Eoxh4X
Libsyn
Security In Five Podcast: Episode 172 - Time To Let Adobe Flash Go, Uninstall It And Get It Out Of Your Life
This past week a new zero day vulnerability was announced for Adobe Flash. Just add it to the list of security holes Flash has. It's time to get rid of Flash from all your computers, this episode goes into why. Be aware, be safe. …
IBM Patches Spectre and Meltdown for Power Servers
http://ift.tt/2BquYvN
Submitted February 12, 2018 at 07:20PM by CasperVPN
via reddit http://ift.tt/2EkJqI1
Infosecurity Magazine
IBM Patches Spectre and Meltdown for Power Servers
IBM Patches Spectre and Meltdown for Power Servers. Big Blue also warns of new Notes vulnerability
Government websites hacked in bid to mine Monero cryptocurrency
http://ift.tt/2sstKwO
Submitted February 12, 2018 at 08:36PM by wlscr
via reddit http://ift.tt/2Exq95J
NS Tech
Government websites hacked in bid to mine Monero cryptocurrency - NS Tech
The UK’s data protection regulator was among several government organisations hit by crypto-mining hackers over the weekend, a security researcher has revealed. Scott Helme identified a malicious script running on the Information Commissioner Office’s site…
Drive-by cryptomining campaign targets millions of Android users
http://ift.tt/2BSggOU
Submitted February 12, 2018 at 09:03PM by ummmbacon
via reddit http://ift.tt/2CeWDMN
Malwarebytes Labs
Drive-by cryptomining campaign targets millions of Android users - Malwarebytes Labs
Android users have been exposed to drive-by cryptomining in one of the largest campaigns that we have detected so far.
Need some help in picking a project for forensic & security undergrad degree
hello all
I am pretty screwed for my project and looking for any potential ideas
i really have not many ideas, i was planning to make a vpn on a raspberry pi however i was told this is too simple, my other idea was to run facebook-ctf on a pi also, however i believe it needs too much ram to run smoothly on pi.
i would ideally be looking for ideas around vpns, security, scoping / reconnaissance and possibly forensics (eg. forensic tool)
any help and ideas you may have would be hugely appreciated
thanks in advance
perhaps some people could share some projects they have done or come across in this field?
Submitted February 12, 2018 at 09:14PM by BootsSandwichAccount
via reddit http://ift.tt/2nVH9ZF
reddit
Need some help in picking a project for forensic &... • r/security
hello all I am pretty screwed for my project and looking for any potential ideas i really have not many ideas, i was planning to make a vpn on...
Security Updates Available for Popular Netgear Routers
http://ift.tt/2BonER3
Submitted February 12, 2018 at 09:05PM by DJRWolf
via reddit http://ift.tt/2nZ0loC
BleepingComputer
Security Updates Available for Popular Netgear Routers
Owners of popular Netgear router models should look into installing firmware updates on their devices as Netgear finished deploying patches for a slew of security issues discovered and reported by US cyber-security firm Trustwave.
What are web miners and how to protect your device from them?
http://ift.tt/2Ceupla
Submitted February 12, 2018 at 09:00PM by cryptonews__
via reddit http://ift.tt/2nVHewr
Sandboxed Mac apps can record your screen at any time without you knowing
http://ift.tt/2EjuZnR
Submitted February 12, 2018 at 08:52PM by speckz
via reddit http://ift.tt/2o16Nvg
reddit
Sandboxed Mac apps can record your screen at any time... • r/security
Consumers prefer security over convenience for the first time ever, IBM Security report finds - Mobile and web users are aware of the data breaches happening around them, and are now prioritizing strong security and privacy--especially when it comes to their financial accounts.
http://ift.tt/2Ed4Uqt
Submitted February 12, 2018 at 09:31PM by ekser
via reddit http://ift.tt/2HaiAjC
TechRepublic
Consumers prefer security over convenience for the first time ever, IBM Security report finds
Mobile and web users are aware of the data breaches happening around them, and are now prioritizing strong security and privacy--especially when it comes to their financial accounts.
Cloud Backup Services?
Hi guys,
I’m rebuilding my home backup solution on my QNAP, previously using Crashplan and now migrating to a new solution, something a little more robust and secure.
Note I will be using VeraCrypt for some of my backups which will be synced to Cloud, so I need a solution that is ‘bit aware’ (a term I’ve heard) so as to only upload changes to the data store itself, instead of the whole file again, does this exist? Apparently Dropbox offers this sort of solution?
I’ve also heard good things about iDrive, the fact I can hold the private key is a plus for this so I’ll need to do some fiddling, any other recommendations?
What does everyone consider the most secure Cloud Service?
Cheers!
Submitted February 12, 2018 at 09:25PM by mscaff
via reddit http://ift.tt/2nZ6m4G
reddit
Cloud Backup Services? • r/security
Hi guys, I’m rebuilding my home backup solution on my QNAP, previously using Crashplan and now migrating to a new solution, something a little...
It's 2018 and You Can Still p0wn Your Linux Box by Plugging in a USB Stick
http://ift.tt/2nXADSj
Submitted February 12, 2018 at 09:24PM by Iot_Security
via reddit http://ift.tt/2o0zUPy
BleepingComputer
It's 2018 and You Can Still p0wn Your Linux Box by Plugging in a USB Stick
Linux users running KDE Plasma desktop environments need to apply patches to fix a bug that can lead to malicious code execution every time a user mounts a USB thumb drive on his computer.
Introducing Respounder: Detect adversarial networks that are running 'responder'.
http://ift.tt/2skVwLG
Submitted February 12, 2018 at 03:13PM by code-express
via reddit http://ift.tt/2ExDw5X
GitHub
codeexpress/respounder
respounder - Respounder detects presence of responder in the network.
RootedCON Security Conference - 1-3 March, Madrid (Spain)
On the occasion of the ninth edition of RootedCON, the most important computer security conference in the country, around 2,000 hackers will meet to discuss new questions and research about the cybersecurity world, with its risks and threats. National and international experts have included in their agendas this mandatory appointment to discuss new vulnerabilities, viruses, and other threats, they will also talk about countermeasures in order to make this a safer world in the hands of these professionals.
The event, which will be held at the same time in three rooms of the cinemas Kinépolis of Ciudad de la Imágen – being Room 25 the main one on Security – in Madrid, during the days 1, 2 and 3 of March will give rise to leading talks where extremely technical talks will be combined, along with others more oriented to the organization and the “management”.
Important players from the world of technology, the academic world, professionals and companies, will meet at this event of reference, as well as hackers and specialists involved in the protection of companies of the IBEX35, or in the most advanced technology companies of the moment. Professionals of the stature of Chema Alonso, Ilfak Guilfanov, Raul Siles, Pedro Cabrera, Abel Valero, as well as many others, have already been confirmed as “speakers” for this edition.
As in the previous edition, Room 19 of the Kinépolis cinemas will be destined to the DevOps world, often forgotten, but RootedCON considers it fundamental to build Community, the leitmotiv of RootedCON since it started its journey 10 years ago.
For the first time, newcomers to the subject of cybersecurity, or those who want to take their first steps in the profession. They will be guided to Room 18.
The Security Congress will be supported by companies such as Telefónica, Checkpoint, Fortinet, Symantec, Tarlogic, GTI and BBVA, among others, as well as institutional support from the National Cryptographic Center (CCN-CERT).
Tickets for this unique event can now be obtained through the congress website: www.rootedcon.com
You are welcome!
Submitted February 12, 2018 at 03:44AM by axdiri
via reddit http://ift.tt/2Bq3Mgv
RootedCON
RootedCON - RootedCON
RootedCON is the largest cybersecurity conference in Spain, with talks, training and networking for experts and hacking enthusiasts
[March 6-8, 2018] Information Technology and Cyber Security Conference + Training in Tokyo, Japan (Discount coupon in comments)
http://ift.tt/2lywZhw
Submitted February 12, 2018 at 07:25PM by dhparams
via reddit http://ift.tt/2EC0Xeo
Personal salt. Easy password model concept I came up with, wondering if this is a good idea.
I'm personally using at least 6 different passwords and it's getting very hard to remember where I'm using what, so I came up with the following idea inspired by xkcd comic strip.
What is a personal salt?
Personal salt is a simple global passphrase which is meant to make your password safer, meet the security criteria of passwords of internet sites, while making the overall remembering of the password simpler.
The idea behind a personal salt is for an individual to come up with at least three unconnected word passphrase including capital letters, lowercase letters and one or more numbers and then append a simple word or the internet site domain name to it as an appendix, coming up with unique pass for every site.
Domain based password:
Example: Dave chooses a personal salt "FrogThresholdMATRIX399", then as a result he could use it on every site, with little variance, for example, Dave's LinkedIn password could be "FrogThresholdMATRIX399LinkedIn", his Facebook password could be "FrogThresholdMATRIX399Facebook", his Gmail password could be "FrogThresholdMATRIX399Gmail", and so on. You can see that Dave only has to remember one complex sequence of characters that easily passes all the security policies of any site online, while his password is different for all sites he has an account on.
This way Dave always remembers his password and he has new unique password for the next site he intends to register an account to.
Concluding:
Pros:
Only have to remember one passphrase and can easily derive the rest from domain name.
Password is complex enough to pass the security requirements.
Resilient to dictionary attack even without salting in the server side (which is usually always done anyway).
Impossible to brute force within any reasonable time with today's technology.
No extra software needed to manage passwords.
Cons:
If someone finds out Dave's password in text form, and this technique is known, they might be able to guess the pattern and try it on other sites Dave has an account on. (See Common word based password below)
Can be lengthy to write, especially when typo is made during an attempt to access account.
If the site forces to change the password at interval, then using domain name is not enough. (See solution to changing password below.)
Common word based password: Alternatively Dave may use some other word instead of domain name, which is simple enough to remember later, like everyday objects, so on site A, his password might be "FrogThresholdMATRIX399Milk" and on site B, his pass might be "FrogThresholdMATRIX399Pen", so he just remembers "Milk" and "Pen" and no longer there's a domain name in the password and the perpetrator who has acquired Dave's password for site A has no idea what password Dave is using or might be using on site B.
Solution to changing password: There are certain sites that force you to change the password periodically, which means having domain appended password is not possible for longer time. Dave may add a current month number to end of the domain name in this case. For example when during February the site forces Dave to change the password, he may use "FrogThresholdMATRIX399Pets2", where the number 2 corresponds to February. Then in an attempt to remember the password in March Dave can try whether the password ends with 3 or 2, resulting only in one failed attempt to sign in. Alternatively he can use random common words and just rotate existing known passwords for him. In any case, without writing it down or using password manager, password change is painful and this system doesn't attempt to solve it nor makes it any worse.
What do you think?
Submitted February 12, 2018 at 11:36PM by deadlock_jones
via reddit http://ift.tt/2EXigUO
xkcd
Password Strength