Netsec – Telegram
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
What are web miners and how to protect your device from them?
http://ift.tt/2Ceupla

Submitted February 12, 2018 at 09:00PM by cryptonews__
via reddit http://ift.tt/2nVHewr
Sandboxed Mac apps can record your screen at any time without you knowing
http://ift.tt/2EjuZnR

Submitted February 12, 2018 at 08:52PM by speckz
via reddit http://ift.tt/2o16Nvg
Consumers prefer security over convenience for the first time ever, IBM Security report finds - Mobile and web users are aware of the data breaches happening around them, and are now prioritizing strong security and privacy--especially when it comes to their financial accounts.
http://ift.tt/2Ed4Uqt

Submitted February 12, 2018 at 09:31PM by ekser
via reddit http://ift.tt/2HaiAjC
Cloud Backup Services?
Hi guys,
I’m rebuilding my home backup solution on my QNAP, previously using Crashplan and now migrating to a new solution, something a little more robust and secure.
Note I will be using VeraCrypt for some of my backups which will be synced to Cloud, so I need a solution that is ‘bit aware’ (a term I’ve heard) so as to only upload changes to the data store itself, instead of the whole file again, does this exist? Apparently Dropbox offers this sort of solution?
I’ve also heard good things about iDrive, the fact I can hold the private key is a plus for this so I’ll need to do some fiddling, any other recommendations?
What does everyone consider the most secure Cloud Service?
Cheers!

Submitted February 12, 2018 at 09:25PM by mscaff
via reddit http://ift.tt/2nZ6m4G
Introducing Respounder: Detect adversarial networks that are running 'responder'.
http://ift.tt/2skVwLG

Submitted February 12, 2018 at 03:13PM by code-express
via reddit http://ift.tt/2ExDw5X
RootedCON Security Conference - 1-3 March, Madrid (Spain)
On the occasion of the ninth edition of RootedCON, the most important computer security conference in the country, around 2,000 hackers will meet to discuss new questions and research about the cybersecurity world, with its risks and threats. National and international experts have included in their agendas this mandatory appointment to discuss new vulnerabilities, viruses, and other threats; they will also talk about countermeasures in order to make this a safer world in the hands of these professionals.
The event, which will be held at the same time in three rooms of the cinemas Kinépolis of Ciudad de la Imágen – being Room 25 the main one on Security – in Madrid, during the days 1, 2 and 3 of March will give rise to leading talks where extremely technical talks will be combined, along with others more oriented to the organization and the “management”.
Important players from the world of technology, the academic world, professionals and companies, will meet at this event of reference, as well as hackers and specialists involved in the protection of companies of the IBEX35, or in the most advanced technology companies of the moment. Professionals of the stature of Chema Alonso, Ilfak Guilfanov, Raul Siles, Pedro Cabrera, Abel Valero, as well as many others, have already been confirmed as “speakers” for this edition.
As in the previous edition, Room 19 of the Kinépolis cinemas will be destined to the DevOps world, often forgotten, but RootedCON considers it fundamental to build Community, the leitmotiv of RootedCON since it started its journey 10 years ago.
For the first time, newcomers to the subject of cybersecurity, or those who want to take their first steps in the profession. They will be guided to Room 18.
The Security Congress will be supported by companies such as Telefónica, Checkpoint, Fortinet, Symantec, Tarlogic, GTI and BBVA, among others, as well as institutional support from the National Cryptographic Center (CCN-CERT).
Tickets for this unique event can now be obtained through the congress website: www.rootedcon.com
You are welcome!

Submitted February 12, 2018 at 03:44AM by axdiri
via reddit http://ift.tt/2Bq3Mgv
[March 6-8, 2018] Information Technology and Cyber Security Conference + Training in Tokyo, Japan (Discount coupon in comments)
http://ift.tt/2lywZhw

Submitted February 12, 2018 at 07:25PM by dhparams
via reddit http://ift.tt/2EC0Xeo
Personal salt. Easy password model concept I came up with, wondering if this is a good idea.
I'm personally using at least 6 different passwords and it's getting very hard to remember where I'm using what, so I came up with the following idea inspired by xkcd comic strip.
What is a personal salt?
Personal salt is a simple global passphrase which is meant to make your password safer, meet the security criteria of passwords of internet sites, while making the overall remembering of the password simpler.
The idea behind a personal salt is for an individual to come up with at least three unconnected word passphrase including capital letters, lowercase letters and one or more numbers and then append a simple word or the internet site domain name to it as an appendix, coming up with unique pass for every site.
Domain based password:
Example: Dave chooses a personal salt "FrogThresholdMATRIX399", then as a result he could use it on every site, with little variance, for example, Dave's LinkedIn password could be "FrogThresholdMATRIX399LinkedIn", his Facebook password could be "FrogThresholdMATRIX399Facebook", his Gmail password could be "FrogThresholdMATRIX399Gmail", and so on. You can see that Dave only has to remember one complex sequence of characters that easily passes all the security policies of any site online, while his password is different for all sites he has an account on.
This way Dave always remembers his password and he has new unique password for the next site he intends to register an account to.
Concluding:
Pros:
• Only have to remember one passphrase and can easily derive the rest from domain name.
• Password is complex enough to pass the security requirements.
• Resilient to dictionary attack even without salting in the server side (which is usually always done anyway).
• Impossible to brute force within any reasonable time with today's technology.
• No extra software needed to manage passwords.
Cons:
• If someone finds out Dave's password in text form, and this technique is known, they might be able to guess the pattern and try it on other sites Dave has an account on. (See Common word based password below)
• Can be lengthy to write, especially when typo is made during an attempt to access account.
• If the site forces to change the password at interval, then using domain name is not enough. (See solution to changing password below.)
Common word based password: Alternatively Dave may use some other word instead of domain name, which is simple enough to remember later, like everyday objects, so on site A, his password might be "FrogThresholdMATRIX399Milk" and on site B, his pass might be "FrogThresholdMATRIX399Pen", so he just remembers "Milk" and "Pen" and no longer there's a domain name in the password and the perpetrator who has acquired Dave's password for site A has no idea what password Dave is using or might be using on site B.
Solution to changing password: There are certain sites that force you to change the password periodically, which means having domain appended password is not possible for longer time. Dave may add a current month number to end of the domain name in this case. For example when during February the site forces Dave to change the password, he may use "FrogThresholdMATRIX399Pets2", where the number 2 corresponds to February. Then in an attempt to remember the password in March Dave can try whether the password ends with 3 or 2, resulting only in one failed attempt to sign in. Alternatively he can use random common words and just rotate existing known passwords for him. In any case, without writing it down or using password manager, password change is painful and this system doesn't attempt to solve it nor makes it any worse.
What do you think?

Submitted February 12, 2018 at 11:36PM by deadlock_jones
via reddit http://ift.tt/2EXigUO
Forensic Readiness: Setting the Foundation for Cybersecurity
I’ve been involved in addressing many different cyberattacks in 2017 and early 2018, with some attacks being more successful than others. My involvement was usually in identifying the nature of the attack in a post mortem fashion or thwarting the advancement of an attack in progress. One common thread among all of them was the lack of forensic readiness by the organization that was attacked.
So, what exactly is forensic readiness? Most organizations deploy some advanced hardware at the perimeter (such as firewall/application proxy) to control North-South traffic that is either generated from the local network heading to the Internet or vice versa. Other organizations adopt a more advanced model of installing an additional Intrusion Detection System on the network that monitors East-West traffic (traffic that moves between the users, servers, storage etc.). A logging system is installed to capture the events and then the assumption is that we can defend this ecosystem successfully.
The reality, as many of you reading this blog understand, is that this type of installation is typical but inadequate. If something were to happen (user account hacked, USB device, malware traversing an email file or someone gaining access to a cloud tenancy, etc.), the logs provided by the firewall and the IDS device would not be sufficient to ascertain what happened, let alone attempt to prosecute the case if the business was harmed.
I’m going to walk you through some of the changes that I think are necessary for a strong foundation in cyber security and pertain only to the data collection portion of the forensic process.
Identifying Sources of Data:
• Local equipment such as firewalls, servers, local Active Directory controllers, wireless devices, etc.
• Remote equipment: Similar to above but residing in a different location such as remote offices and data centers
• Cloud providers: O365, Azure, AWS, Google, and other hosting providers whether hosting Infrastructure or Application as a Service
Acquiring the data:
• Set up an NTP server to synchronize all devices to ensure that incoming data has proper timing (for correlation purposes)
• Configure the sources to send the logs to a centralized SIEM (Security Information and Event Management) system such as Splunk or AlienVault
• Configure the sources to have the necessary settings for the logs in order to sufficiently identify an attack and/or present enough evidence to allow prosecution
• Configure the cloud tenancies to adequately collect and forward the logs to the SIEM
• Install Intrusion Detection Systems/Capabilities on your VPN tunnels and any other external connector with a partner or client and ensure that proper logging is enabled and forwarding to your SIEM
Although data collection is a subsection of forensic readiness, it cannot be underestimated because in every incident I have participated in, the logs pertaining to the attack were never sufficient.
Please feel free to comment on this blog and/or contact me at uhoulila@crossrealms.com. Be on the lookout for my upcoming forensic toolkit, which addresses forensic readiness more comprehensively.

Submitted February 13, 2018 at 03:14AM by houlila
via reddit http://ift.tt/2G89q5Z
A safe os for daily use and crypto assets
Hi y'all, anybody here loving the DLT space? I do, it's exciting.
Anyway, I'm running Windows 10 on my PC and I've had it with this OS. Got weirdness going on every now and then and been trying to find those damn viruses or other malware, too scared to use my wallets, I need a better OS. I have just once tried Tails for a few days, besides that only Windows.
It's my daily PC that I use for browsing/watching/trading etc. I also want to run a Bitcoin lightning node if that is profitable AND mine anything profitable and popular.
Specs:
• intel g3258 3.2ghz
• 4gb ram
• 120gb ssd
• 1tb hdd
• A single Ati 280x tri-x
I've just had a look at Linux Manjaro KDE from a USB stick, surprised that it looks and feels nice! I don't know if it has good enough safety and if it is suitable for running a lightning node/mining/keeping wallets/trading.
When it comes to safety I'm new to most of the things I've read about such as tor, php, deep packet inspection, vpn and whatever else could work. But that's what I want and need with all the scamming in the cryptospace, sufficient safety.

Submitted February 13, 2018 at 04:10AM by Cryptocats2point0
via reddit http://ift.tt/2EnZZ6a